Attorney's Docket No. B-4050CONTPCT 618384-8

PATENT



IN THE UNITED STATES PATENT AND TRADEMARK OFFICE 

Box Patent Application 

Assistant Commissioner for Patents 

Washington, D.C. 20231 

NEW APPLICATION TRANSMITTAL 

Transmitted herewith for filing is the patent application of 

Inventor(s): (1) Graeme John PROUDLER (2) David CHAN



WARNING: Patent must be applied for in the name(s) of all of the actual inventor(s). 37 CFR 1.41(a) and 1.53(b).

For (title): 

"OPERATION OF TRUSTED STATE IN COMPUTING PLATFORM"



CERTIFICATION UNDER 37 CFR 1.10 

I hereby certify that this New Application Transmittal and the documents referred to as enclosed therein are being deposited with the United States Postal Service on this date November 28, 2000 in an envelope as "Express Mail Post Office to Addressee" Mailing Label Number EL741832285US, addressed to the: Assistant Commissioner for Patents, Washington, D.C. 20231.

Karyn Lao 



(type or print name of person mailing paper)




Signature of person mailing paper 

NOTE: Each paper or fee referred to as enclosed herein has the number of the "Express Mail" mailing label placed 
thereon prior to mailing. 37 CFR 1.10(b). 

WARNING: Certificate of mailing (first class) or facsimile transmission procedures of 37 CFR 1.8 cannot be used 
to obtain a date of mailing or transmission for this correspondence. 
1. Type of Application



This new application is for a(n) 

(check one applicable Item below) 

□ Original (nonprovisional) 

□ Design 
□ Plant 

WARNING: Do not use this transmittal for a completion in the U.S. of an International Application under 35 U.S.C. 371(c)(4), unless the International Application is being filed as a divisional, continuation or continuation-in-part application.

WARNING: Do not use this transmittal for the filing of a provisional application. 

NOTE: If one of the following 3 items apply, then complete and attach ADDED PAGES FOR NEW APPLICATION TRANSMITTAL WHERE BENEFIT OF A PRIOR U.S. APPLICATION CLAIMED and a NOTIFICATION IN PARENT APPLICATION OF THE FILING OF THIS CONTINUATION APPLICATION.

□ Divisional.

☒ Continuation.

□ Continuation-in-part (C-I-P).

2. Benefit of Prior U.S. Application(s) (35 U.S.C. 119(e), 120, or 121)

NOTE: If the new application being transmitted is a divisional, continuation or a continuation-in-part of a parent case, or where the parent case is an International Application which designated the U.S., or benefit of a prior provisional application is claimed, then check the following item and complete and attach ADDED PAGES FOR NEW APPLICATION TRANSMITTAL WHERE BENEFIT OF PRIOR U.S. APPLICATION(S) CLAIMED.

WARNING: If an application claims the benefit of the filing date of an earlier filed application under 35 U.S.C. 120, 121 or 365(c), the 20-year term of that application will be based upon the filing date of the earliest U.S. application that the application makes reference to under 35 U.S.C. 120, 121 or 365(c). (35 U.S.C. 154(a)(2) does not take into account, for the determination of the patent term, any application on which priority is claimed under 35 U.S.C. 119, 365(a) or 365(b).) For a c-i-p application, applicant should review whether any claim in the patent that will issue is supported by an earlier application and, if not, the applicant should consider canceling the reference to the earlier filed application. The term of a patent is not based on a claim-by-claim approach. See Notice of April 14, 1995, 60 Fed. Reg. 20,195, at 20,205.

WARNING: When the last day of pendency of a provisional application falls on a Saturday, Sunday, or Federal 
holiday within the District of Columbia, any nonprovisional application claiming benefit of the 
provisional application must be filed prior to the Saturday, Sunday, or Federal holiday within the 
District of Columbia. See 37 C.F.R. § 1.78(a)(3). 

☒ The new application being transmitted claims the benefit of prior U.S. application(s). Enclosed are ADDED PAGES FOR NEW APPLICATION TRANSMITTAL WHERE BENEFIT OF PRIOR U.S. APPLICATION(S) CLAIMED.

3. Papers Enclosed That Are Required for Filing Date under 37 C.F.R. 1.53(b) 
(Regular) or 37 C.F.R. 1.163 (Design) Application 

All pages of specification of International Application No. PCT/GB00/03613 as filed, consisting of:

___ Pages of claims
___ Pages of Abstract
12 Sheets of drawing (Figs. 1-12)
☒ formal
□ informal
WARNING: DO NOT submit original drawings. A high quality copy of the drawings should be supplied when filing a patent application. The drawings that are submitted to the Office must be on strong, white, smooth, and non-shiny paper and meet the standards according to § 1.84. If corrections to the drawings are necessary, they should be made to the original drawing and a high-quality copy of the corrected original drawing then submitted to the Office. Only one copy is required or desired. Comments on proposed new 37 CFR 1.84. Notice of March 9, 1988 (1990 O.G. 57-62).

NOTE: "Identifying indicia, if provided, should include the application number or the title of the invention, inventor's name, docket number (if any), and the name and telephone number of a person to call if the Office is unable to match the drawings to the proper application. This information should be placed on the back of each sheet of drawing a minimum distance of 1.5 cm. (5/8 inch) down from the top of the page." 37 C.F.R. 1.84(c).

(complete the following, if applicable) 

□ The enclosed drawing(s) are photograph(s), and there is also attached a 
"PETITION TO ACCEPT PHOTOGRAPH(S) AS DRAWING(S)." 37 C.F.R. 1.84(b). 

4. Additional papers enclosed 
Preliminary Amendment

Information Disclosure Statement with Form PTO-1449 (modified) and Form PTO-1449 (PTO/SB/08A and 08B)

Citations

Declaration of Biological Deposit

Submission of "Sequence Listing," computer readable copy and/or amendment pertaining thereto for biotechnology invention containing nucleotide and/or amino acid sequence.

Authorization of Attorney(s) to Accept and Follow Instructions from Representative

Special Comments

Other: copy of PCT Request

copy of European Search Report (see Information Disclosure Statement)

5. Declaration or oath 

□ Enclosed 
Executed by 

(check all applicable boxes) 

□ inventor(s). 

□ legal representative of inventor(s). 
37 CFR 1.42 or 1.43.

□ joint inventor or person showing a proprietary 
interest on behalf of inventor who refused to sign 
or cannot be reached. 

□ This is the petition required by 37 CFR 1.47 and the statement required by 37 CFR 1.47 is also attached. See item 13 below for fee.

☒ Not Enclosed.

WARNING: Where the filing is a completion in the U.S. of an International Application, but where a declaration is not available, or where the completion of the U.S. application contains subject matter in addition to the International Application, the application may be treated as a continuation or continuation-in-part, as the case may be, utilizing ADDED PAGE FOR NEW APPLICATION TRANSMITTAL WHERE BENEFIT OF PRIOR U.S. APPLICATION CLAIMED.
☒ Application is made by a person authorized under 37 C.F.R. 1.41(c) on behalf of all the above named inventor(s).

(The declaration or oath, along with the surcharge required by 37 CFR 1.16(e), can be filed subsequently.)

NOTE: It is important that all the correct inventor(s) are named for filing under 37 CFR 1.41(c) and 1.53(b).

□ Showing that the filing is authorized.

(not required unless called into question, 37 CFR 1.41(d))

6. Inventorship Statement 

WARNING: If the named inventors are each not the inventors of all the claims an explanation, including the ownership of the various claims at the time the last claimed invention was made, should be submitted.

The inventorship for all the claims in this application are:

□ The same,

or 

□ Not the same. An explanation, including the ownership of the various claims at 
the time the last claimed invention was made, 

□ is submitted. 

□ will be submitted.

7. Language 

NOTE: An application including a signed oath or declaration may be filed in a language other than English. A verified English translation of the non-English language application and the processing fee of $130.00 required by 37 CFR 1.17(h) is required to be filed with the application, or within such time as may be set by the Office. 37 CFR 1.52(d).

NOTE: A non-English oath or declaration in the form provided or approved by the PTO need not be translated. 
37 CFR 1.69(b). 

☒ English
□ Non-English

□ The attached translation is a verified translation. 37 C.F.R. 1.52(d). 

8. Assignment 

□ An assignment of the invention to



□ is attached. A separate □ "COVER SHEET FOR ASSIGNMENT (DOCUMENT) ACCOMPANYING NEW PATENT APPLICATION" or □ FORM PTO 1595 is also attached.

☒ will follow.

NOTE: "If an assignment is submitted with a new application, send two separate letters, one for the application and one for the assignment." Notice of May 4, 1990 (1114 O.G. 77-78).

WARNING: A newly executed "CERTIFICATE UNDER 37 CFR 3.73(b)" must be filed when a continuation-in-part application is filed by an assignee. Notice of April 30, 1993, 1150 O.G. 62-64.



9. Certified Copy

Certified copy(ies) of application(s)

Country    Appln. no.     Filed
EP         99307380.8     17 September 1999

Country    Appln. no.     Filed

Country    Appln. no.     Filed

from which priority is claimed

□ is (are) attached. 

□ will follow. 

NOTE: The foreign application forming the basis for the claim for priority must be referred to in the oath or declaration. 37 CFR 1.55(a) and 1.63.

NOTE: This item is for any foreign priority to which the application being filed directly relates. If any parent U.S. application or International Application from which this application claims benefit under 35 U.S.C. 120 is itself entitled to priority from a prior foreign application, then complete item 18 on the ADDED PAGES FOR NEW APPLICATION TRANSMITTAL WHERE BENEFIT OF PRIOR U.S. APPLICATION(S) CLAIMED.

10. Fee Calculation (37 C.F.R. 1.16) 

A. ☒ Regular application



CLAIMS AS FILED                                 Number filed   Number Extra   Rate        Total

Basic Fee (37 C.F.R. 1.16(a))                                                            $ 710.00

Total Claims (37 CFR 1.16(c))                   22 - 20 =      2              x $ 18.00     36.00

Independent Claims (37 CFR 1.16(b))              4 -  3 =      1              x $ 80.00     80.00

Multiple dependent claim(s), if any
(37 CFR 1.16(d))                                               0              + $270.00      0



□ Amendment cancelling extra claims is enclosed.

□ Amendment deleting multiple-dependencies is enclosed. 

□ Fee for extra claims is not being paid at this time. 

NOTE: If the fees for extra claims are not paid on filing they must be paid or the claims cancelled by amendment, prior to the expiration of the time period set for response by the Patent and Trademark Office in any notice of fee deficiency. 37 CFR 1.16(d).

Filing Fee Calculation $ 826.00
B. □ Design application

($320.00; 37 CFR 1.16(f))

Filing Fee Calculation $ 

C. □ Plant application 

($530.00; 37 CFR 1.16(g))

Filing fee calculation $ 

11. Small Entity Statement(s)

□ Verified Statement(s) that this is a filing by a small entity under 37 CFR 1.9 and 1.27 is (are) attached.

WARNING: "Status as a small entity in one application or patent does not affect any other application or patent, including applications or patents which are directly or indirectly dependent upon the application or patent in which the status has been established. A nonprovisional application claiming benefit under 35 U.S.C. 119(e), 120, 121 or 365(c) of a prior application may rely on a verified statement filed in the prior application if the nonprovisional application includes a reference to a verified statement in the prior application or includes a copy of the verified statement filed in the prior application if status as a small entity is still proper and desired." 37 C.F.R. § 1.28(a).

(complete the following, if applicable) 

□ Status as a small entity was claimed in prior application 

/ , filed on , from which benefit 

is being claimed for this application under: 

35 U.S.C. □ 119(e), 

□ 120, 

□ 121, 

□ 365(c),
and which status as a small entity is still proper and desired. 

□ A copy of the verified statement in the prior application is included. 
Filing Fee Calculation (50% of A, B or C above) 

$ 



NOTE: Any excess of the full fee paid will be refunded if a verified statement and a refund request are filed 
within 2 months of the date of timely payment of a full fee. The two-month period is not extendable 
under § 1.136. 37 CFR 1.28(a). 

12. Request for International-Type Search (37 C.F.R. 1.104(d)) 

(complete, if applicable) 

□ Please prepare an International-type search report for this application at the time 
when national examination on the merits takes place. 



13. Fee Payment Being Made at This Time

☒ Not Enclosed

☒ No filing fee is to be paid at this time.

(This and the surcharge required by 37 C.F.R. 1.16(e) can be paid subse- 
quently.) 

□ Enclosed 

□ Basic filing fee $ 

□ Recording assignment 
($40.00; 37 C.F.R. 1.21(h)) 

(See attached "COVER SHEET FOR 
ASSIGNMENT ACCOMPANYING NEW 

APPLICATION".) $ 

□ Petition fee for filing by other than all the 
inventors or person on behalf of the inventor 
where inventor refused to sign or cannot be 
reached 

($130.00; 37 C.F.R. 1.47 and 1.17(h)) $ 

□ For processing an application with a specification in a non-English language
($130.00; 37 C.F.R. 1.52(d) and 1.17(k)) $

□ Processing and retention fee
($130.00; 37 C.F.R. 1.53(d) and 1.21(l)) $

□ Fee for international-type search report 

($40.00; 37 C.F.R. 1.21(e)) $ 

NOTE: 37 CFR 1.21(l) establishes a fee for processing and retaining any application that is abandoned for failing to complete the application pursuant to 37 CFR 1.53(d) and this, as well as the changes to 37 CFR 1.53 and 1.78, indicate that in order to obtain the benefit of a prior U.S. application, either the basic filing fee must be paid, or the processing and retention fee of § 1.21(l) must be paid, within 1 year from notification under § 1.53(d).

Total fees enclosed $ 

14. Method of Payment of Fees 

□ Check in the amount of $ 

□ Charge Account No. in the amount of 

$ 

A duplicate of this transmittal is attached. 

NOTE: Fees should be itemized in such a manner that it is clear for which purpose the fees are paid. 37 CFR 1.22(b).

WARNING: If no fees are to be paid on filing, the following items should not be completed.

WARNING: Accurately count claims, especially multiple dependent claims, to avoid unexpected high charges if extra claim charges are authorized.

□ The Commissioner is hereby authorized to charge the following additional fees 
by this paper and during the entire pendency of this application to Account No. 



□ 37 C.F.R. 1.16(a), (f) or (g) (filing fees) 

□ 37 C.F.R. 1.16(b), (c) and (d) (presentation of extra claims) 

NOTE: Because additional fees for excess or multiple dependent claims not paid on filing or on later presentation must only be paid or these claims cancelled by amendment prior to the expiration of the time period set for response by the PTO in any notice of fee deficiency (37 CFR 1.16(d)), it might be best not to authorize the PTO to charge additional claim fees, except possibly when dealing with amendments after final action.

□ 37 C.F.R. 1.16(e) (surcharge for filing the basic filing fee and/or declaration on a date later than the filing date of the application)

□ 37 C.F.R. 1.17 (application processing fees) 

WARNING: While 37 CFR 1.17(a), (b), (c) and (d) deal with extensions of time under § 1.136(a), this authorization should be made only with the knowledge that: "Submission of the appropriate extension fee under 37 C.F.R. 1.136(a) is to no avail unless a request or petition for extension is filed." (Emphasis added). Notice of November 5, 1985 (1060 O.G. 27).

□ 37 C.F.R. 1.18 (issue fee at or before mailing of Notice of Allowance,
pursuant to 37 C.F.R. 1.311(b)) 

NOTE: Where an authorization to charge the issue fee to a deposit account has been filed before the mailing of a Notice of Allowance, the issue fee will be automatically charged to the deposit account at the time of mailing the notice of allowance. 37 CFR 1.311(b).

NOTE: 37 CFR 1.28(b) requires "Notification of any change in loss of entitlement to small entity status must be filed in the application . . . prior to paying, or at the time of paying, . . . issue fee." From the wording of 37 CFR 1.28(b): (a) notification of change of status must be made even if the fee is paid as "other than a small entity" and (b) no notification is required if the change is to another small entity.

16. Instructions as to Overpayment 

☒ Credit Account No. 12-0415
□ Refund 

Reg. No. 28,145
Tel. No. (323) 934-2300




(type or print name of attorney)

LADAS & PARRY

P.O. Address

5670 Wilshire Boulevard, Suite 2100
Los Angeles, California 90036-5679
Incorporation by reference of added pages

(check the following item if the application in this transmittal claims the benefit of prior U.S. applications (including an international application entering the U.S. stage as a continuation, divisional or C-I-P application) and complete and attach the ADDED PAGES FOR NEW APPLICATION TRANSMITTAL WHERE BENEFIT OF PRIOR U.S. APPLICATION(S) CLAIMED)

☒ Plus Added Pages for New Application Transmittal Where Benefit of Prior U.S. Application(s) Claimed

Number of pages added

□ Plus Added Pages for Papers Referred to in Item 4 Above 

Number of pages added 

□ Plus "Assignment Cover Letter Accompanying New Application" 

Number of pages added 

Statement Where No Further Pages Added 

(if no further pages form a part of this Transmittal, then end this Transmittal 
with this page and check the following item) 

□ This transmittal ends with this page. 



ADDED PAGE(S) FOR APPLICATION TRANSMITTAL WHERE BENEFIT OF A PRIOR U.S. APPLICATION CLAIMED



This application is being filed as a continuation of co-pending PCT International Patent Application No. PCT/GB00/03613 (filed on 19 September 2000), which PCT application claims priority to EP Application No. 99307380.8 (filed on 17 September 1999).



Added Page for Application Transmittal Where Benefit of Prior U.S. Application(s) Claimed [4-1.1]

Attorney's Docket No. B-4050CONTPCT 618384-8

PATENT

ADDED PAGES FOR APPLICATION TRANSMITTAL WHERE BENEFIT OF 
PRIOR U.S. APPLICATION(S) CLAIMED 

NOTE: "In order for an application to claim the benefit of a prior filed copending national application, the prior application must name as an inventor at least one inventor named in the later filed application and disclose the named inventor's invention claimed in at least one claim of the later filed application in the manner provided by the first paragraph of 35 U.S.C. 112." 37 CFR 1.78(a).

NOTE: "In addition the prior application must be (1) complete as set forth in § 1.51, or (2) entitled to a filing date as set forth in § 1.53(b) and include the basic filing fee set forth in § 1.16; or (3) entitled to a filing date as set forth in § 1.53(b) and have paid therein the processing and retention fee set forth in § 1.21(l) within the time period set forth in § 1.53(d)." 37 CFR 1.78(a).

17. Relate Back 

WARNING: If an application claims the benefit of the filing date of an earlier filed application under 35 U.S.C. 120, 121 or 365(c), the 20-year term of that application will be based upon the filing date of the earliest U.S. application that the application makes reference to under 35 U.S.C. 120, 121 or 365(c). (35 U.S.C. 154(a)(2) does not take into account, for the determination of the patent term, any application on which priority is claimed under 35 U.S.C. 119, 365(a) or 365(b).) For a c-i-p application, applicant should review whether any claim in the patent that will issue is supported by an earlier application and, if not, the applicant should consider canceling the reference to the earlier filed application. The term of a patent is not based on a claim-by-claim approach. See Notice of April 14, 1995, 60 Fed. Reg. 20,195, at 20,205.

(complete the following, if applicable) 

☒ Amend the specification by inserting, before the first line, the following sentence:
A. 35 U.S.C. 119(e) 

NOTE: "Any nonprovisional application claiming the benefit of one or more prior filed copending provisional 
applications must contain or be amended to contain in the first sentence of the specification following 
the title a reference to each such prior provisional application, identifying it as a provisional application, 
and including the provisional application number (consisting of series code and serial number). "37C.F.R. 
§ 1.78(a)(4). 

□ "This application claims the benefit of U.S. Provisional Application(s) No(s).:
APPLICATION NO(S).:   FILING DATE
B. 35 U.S.C. 120, 121 and 365(c)

NOTE: "Any nonprovisional application claiming the benefit of one or more prior filed copending nonprovisional applications or international applications designating the United States of America must contain or be amended to contain in the first sentence of the specification following the title a reference to each such prior application, identifying it by application number (consisting of the series code and serial number) or international application number and international filing date and indicating the relationship of the applications. Cross-references to other related applications may be made when appropriate. (See § 1.14(b))." 37 C.F.R. § 1.78(a)(2).

☒ "This application is a
☒ continuation

□ continuation-in-part

□ divisional

of copending application(s)

□ application number / , filed on

☒ International Application PCT/GB00/03613 filed on 19 September 2000 and which designated the U.S."

NOTE: The proper reference to a prior filed PCT application that entered the U.S. national phase is the U.S. serial number and the filing date of the PCT application that designated the U.S.

NOTE: (1) Where the application being transmitted adds subject matter to the International Application, then the filing can be as a continuation-in-part or (2) if it is desired to do so for other reasons then the filing can be as a continuation.

□ "The nonprovisional application designated above, namely application 

/ , filed , claims the benefit of U.S. 

Provisional Application^) No(s).: 


APPLICATION NO(S).: FILING DATE 

/ " 

/ " 



NOTE: The deadline for entering the national phase in the U.S. for an international application was clarified in the Notice of April 28, 1987 (1079 O.G. 32 to 46) as follows:

"The Patent and Trademark Office considers the international application to be pending until the 22nd month from the priority date if the United States has been designated and no Demand for International Preliminary Examination has been filed prior to the expiration of the 19th month from the priority date, and until the 32nd month from the priority date if a Demand for International Preliminary Examination which elected the United States of America has been filed prior to the expiration of the 19th month from the priority date, provided that a copy of the international application has been communicated to the Patent and Trademark Office within the 20 or 30 month period respectively. If a copy of the international application has not been communicated to the Patent and Trademark Office within the 20 or 30 month period respectively, the international application becomes abandoned as to the United States 20 or 30 months from the priority date respectively. These periods have been placed in the rules as paragraph (h) of § 1.494 and paragraph 0) of § 1.495. A continuing application under 35 U.S.C. 365(c) and 120 may be filed anytime during the pendency of the international application."
18. Relate Back — 35 U.S.C. 119 Priority Claim for Prior Application

The prior U.S. application(s), including any prior International Application designating the U.S., identified above in item 17B, in turn itself claim(s) foreign priority(ies) as follows:

EP            99307380.8      17 September 1999

country appln. no. filed on 

The certified copy(ies) has (have) 

☒ been filed in prior application PCT/GB00/03613, which was filed on 19 September 2000.

□ is (are) attached. 

WARNING: The certified copy of the priority application that may have been communicated to the PTO by the International Bureau may not be relied on without any need to file a certified copy of the priority application in the continuing application. This is so because the certified copy of the priority application communicated by the International Bureau is placed in a folder and is not assigned a U.S. serial number unless the national stage is entered. Such folders are disposed of if the national stage is not entered. Therefore, such certified copies may not be available if needed later in the prosecution of a continuing application. An alternative would be to physically remove the priority documents from the folders and transfer them to the continuing application. The resources required to request transfer, retrieve the folders, make suitable record notations, transfer the certified copies, enter and make a record of such copies in the Continuing Application are substantial. Accordingly, the priority documents in folders of International applications that have not entered the national stage may not be relied on. Notice of April 28, 1987 (1079 O.G. 32 to 46).

19. Maintenance of Copendency of Prior Application

NOTE: The PTO finds it useful if a copy of the petition filed in the prior application extending the term for response is filed with the papers constituting the filing of the continuation application. Notice of November 5, 1985 (1060 O.G. 27).

A. □ Extension of time in prior application

(This item must be completed and the papers filed in the prior application, if the period set in the prior application has run.)

□ A petition, fee and response extends the term in the pending prior application 
until 

□ A copy of the petition filed in prior application is attached. 

B. □ Conditional Petition for Extension of Time in Prior Application 

(complete this item, if previous item not applicable) 

□ A conditional petition for extension of time is being filed in the pending prior application.

□ A copy of the conditional petition filed in the prior application is attached. 
Claimed

NOTE: "If the continuation, continuation-in-part, or divisional application is filed by less than all the inventors named in the prior application a statement must accompany the application when filed requesting deletion of the names of the person or persons who are not inventors of the invention being claimed in the continuation, continuation-in-part, or divisional application." 37 CFR 1.62(a) [emphasis added], (dealing with the file wrapper continuation situation).

NOTE: "In the case of a continuation-in-part application which adds and claims additional disclosure by amendment, an oath or declaration as required by § 1.63 must be filed. In those situations where a new oath or declaration is required due to additional subject matter being claimed, additional inventors may be named in the continuing application. In a continuation or divisional application which discloses and claims only subject matter disclosed in a prior application, no additional oath or declaration is required and the application must name as inventors the same or less than all the inventors in the prior application." 37 CFR 1.60(c) (dealing with the continuation situation).

(complete applicable item (a), (b) and/or (c) below) 

(a) ☒ This application discloses and claims only subject matter disclosed in the prior application whose particulars are set out above and the inventor(s) in this application are

☒ the same.

□ less than those named in the prior application. It is requested that the following inventor(s) identified for the prior application be deleted:



(type name(s) of inventor(s) to be deleted)

(b) □ This application discloses and claims additional disclosure by amendment and a new declaration or oath is being filed. With respect to the prior application, the inventor(s) in this application are

□ the same. 

□ the following additional inventor(s) have been added: 

(type name(s) of inventor(s) to be added) 

(c) The inventorship for all the claims in this application are

□ the same.

□ not the same. An explanation, including the ownership of the various claims at the time the last claimed invention was made
□ is submitted.
□ will be submitted.
21. Abandonment of Prior Application (if applicable)

□ Please abandon the prior application at a time while the prior application is pending, or when the petition for extension of time or to revive in that application is granted, and when this application is granted a filing date, so as to make this application copending with said prior application.

NOTE: According to the Notice of May 13, 1983 (103, TMOG 6-7), the filing of a continuation or continuation-in- 
part application is a proper response with respect to a petition for extension of time or a petition to 
revive and should include the express abandonment of the prior application conditioned upon the 
granting of the petition and the granting of a filing date to the continuing application. 

22. Petition for Suspension of Prosecution for the Time Necessary to File an Amendment

WARNING: "The claims of a new application may be finally rejected in the first Office action in those situations where (1) the new application is a continuing application of, or a substitute for, an earlier application, and (2) all the claims of the new application (a) are drawn to the same invention claimed in the earlier application, and (b) would have been properly finally rejected on the grounds of art of record in the next Office action if they had been entered in the earlier application." MPEP, § 706.07(b).

NOTE: Where it is possible that the claims on file will give rise to a first action final for this continuation application 
and for some reason an amendment cannot be filed promptly (e.g., experimental data is being gathered) 
it may be desirable to file a petition for suspension of prosecution for the time necessary. 

(check the next item, if applicable) 

□ There is provided herewith a Petition To Suspend Prosecution for the Time 
Necessary to File An Amendment (New Application Filed Concurrently) 

23. Small Entity (37 CFR § 1.28(a))

□ Applicant has established small entity status by the filing of a verified statement 
in parent application / on . 

□ A copy of the verified statement previously filed is included. 

WARNING: "Status as a small entity in one application or patent does not affect any other application or patent, including applications or patents which are directly or indirectly dependent upon the application or patent in which the status has been established. Applications filed as continuations, divisions or continuations-in-part of a parent application must include a reference to a verified statement filed in the parent application if status as a small entity is still proper and desired." 37 CFR § 1.28(a).

24. NOTIFICATION IN PARENT APPLICATION OF THIS FILING 

☒ A notification of the filing of this 
(check one of the following) 

☒ continuation 

□ continuation-in-part 

□ divisional 

is being filed in the parent application, from which this application claims priority under 35 
U.S.C. § 120. 
IN THE UNITED STATES PATENT AND TRADEMARK OFFICE 



Applicants: Graeme John PROUDLER, et al. 

U.S. Appln. No.: not yet assigned 

U.S. Filing Date: concurrently herewith 

International Application No.: PCT/GB00/03613 

International Filing Date: 19 September 2000 

For: "OPERATION OF TRUSTED STATE IN COMPUTING PLATFORM" 

Re: Preliminary Amendment 
Group: not yet assigned 
Examiner: not yet assigned 

Our Ref.: B-4050CONTPCT 618384-8 
Date: November 28, 2000 



Box Patent Application 

Assistant Commissioner for Patents 

Washington, D.C. 20231 

Sir: 

Prior to examination of the above-identified application, it is 
respectfully requested that the Claims be amended as follows: 



1. (Amended) A computing entity comprising: 

a computer platform comprising a plurality of physical and logical 
resources including a first data processor and a first memory 
[means]; 

a monitoring component comprising a second data processor and a 
second memory [means]; 

wherein, said computer platform is capable of operating in a 
plurality of different states, each said state utilising a 
corresponding respective set of individual ones of said physical 
and logical resources; 

wherein said monitoring component operates to determine which of 
said plurality of states is the current operating state of said 
computer platform [operates in]. 

2. (Amended) The computing entity as claimed in claim 1, 
wherein [a] said first memory means contains a set of instructions 
for configuration of said plurality of physical and logical 
resources of said computer platform into [said] a pre-determined 
state. 

3. (Amended) The computing entity as claimed in claim 1, in 
which exit of said computer platform from each said [pre-determined] 
operating state is monitored by said monitoring 
component. 

4. (Unchanged) The computing entity as claimed in claim 1, 
wherein said monitoring component includes a BIOS file. 

5. (Unchanged) The computing entity as claimed in claim 1, 
wherein said computer platform comprises an internal firmware 
component configured to compute a digest data of a BIOS file data 
stored in a predetermined memory space occupied by a BIOS file of 
said computer platform. 

6. (Amended) A method of activating a computing entity 
comprising a computer platform having a first data [processing 
means] processor and a first memory [means] and a monitoring 
component having a second data [processing means] processor and a 
second memory [means], into an operational state of a plurality of 
pre-configured operational states into which said computer 
platform can be activated, said method comprising the steps of: 

selecting a state of said plurality of pre-configured operational 
states [into which] to activate for said computer platform; 

activating [said computer platform into] said selected state for 
said computer platform according to a set of stored instructions; 

wherein said monitoring component monitors activation [into] of 
said selected state by recording data describing which of said 
plurality of pre-configured states [said computer platform] is 
activated [into]. 

7. (Amended) The method as claimed in claim 6, wherein said 
monitoring component continues to monitor said selected state 
after said state [computer platform] has been activated [into said 
state]. 

8. (Unchanged) The method as claimed in claim 6, wherein 
said monitoring component generates a state signal in response to 
a signal input directly to said monitoring component by a user of 
said computing entity, said state signal indicating which said 
state said computer platform has entered. 

9. (Unchanged) The method as claimed in claim 6, wherein 
said set of stored instructions are stored in a BIOS file resident 
within said monitoring component. 

10. (Unchanged) The method as claimed in claim 6, 
comprising the step of generating a menu for selection of a said 
pre-configured state from said plurality of pre-configured states. 

11. (Unchanged) The method as claimed in claim 6, 
comprising the step of generating a user menu displayed on a user 
interface for selection of a said pre-configured state from said 
plurality of pre-configured states, and said step of generating a 
state signal comprises generating a state signal in response to a 
user input accepted through said user interface. 

12. (Unchanged) The method as claimed in claim 7, in which 
said step of selecting a state of said plurality of pre-configured 
operational states comprises receiving a selection signal from a 
smartcard device, said selection signal instructing a BIOS of said 
computer platform to activate the said computer platform into a 
said selected state. 

13. (Amended) The method as claimed in claim 6, wherein 
said step of selecting a state of said plurality of pre-configured 
operational states comprises receiving a selection message from a 
network connection, said selection message instructing a BIOS file 
of said computer platform to activate said computer platform into 
a [said] selected state. 

14. (Amended) The method as claimed in claim 6, wherein 
said step of monitoring a [said] selected state comprises: 

immediately before activating said computer platform, 
creating by means of a firmware component a digest data of a first 
pre-allocated memory space occupied by a BIOS file of said 
computer platform; 

writing said digest data to a second pre-allocated memory 
space to which only said firmware component has write access; and 

said monitoring component reading said digest data from said 
second pre-allocated memory space. 



15. (Unchanged) The method as claimed in claim 6, wherein 
said step of monitoring said state into which said computer 
platform is activated comprises: 

executing a firmware component to compute a digest data of a 
BIOS file of said computer platform; 

writing said digest data to a predetermined location in said 
second memory means of said monitoring component. 

16. (Amended) The method as claimed in claim 6, wherein 
said step of activating [said computer platform into] said 
selected state comprises: 

at a memory location of said first memory [means], said 
location occupied by a BIOS file of said computer platform, 
storing an address of said monitoring component which transfers 
control of said first processor to said monitoring component; 

storing in said monitoring component a set of native 
instructions which are accessible immediately after reset of said 
first processor, wherein said native instructions instruct said 
first processor to calculate a digest of said BIOS file and store 
said digest data in said second memory [means] of said monitoring 
component; and 

said monitoring component passing control of said activation 
process to said BIOS file, once said digest data is stored in said 
second memory [means]. 

17. (Amended) The method as claimed in claim 6, wherein 
said step of monitoring said activated state [into which said 
computer platform is activated] comprises: 
after said step of activating [said computer platform into] 
said selected state, monitoring a plurality of logical and 
physical components to obtain a first set of metric data signals 
from those components, said metric data signals describing a 
status and condition of said components; 

comparing said first set of metric data signals determined 
from said plurality of physical and logical components of said 
computer platform[,] with a set of pre-recorded metric data stored 
in a memory area reserved for access only by said monitoring 
component; and 

comparing said first set of metric data signals obtained 
directly from said plurality of physical and logical components 
with said set of pre-stored metric data signals stored in said 
reserved memory area. 

18. (Amended) A method of operating a computing entity 
comprising a computer platform having a first data [processing 
means] processor and a first memory [means], and a monitoring 
component having a second data [processing means] processor and a 
second memory [means], such that said computer platform enters one 
of a plurality of possible pre-determined operating states, said 
method comprising the steps of: 

in response to an input from a user interface generating a said 
state signal, said state signal describing a selected state to 
activate for [into which] said computer platform [is to be 
activated into]; 

activating [said computer platform into] a pre-determined state 
for said computer platform, [in which] wherein a known set of 
physical and logical resources are available for use in said state 
and known processes can operate in said state; 

from said pre-determined state, entering a configuration menu for 
reconfiguration of said monitoring component; and 

modifying a configuration of said monitoring component by entering 
data via a user interface in accordance with an instruction set 
comprising said configuration menu. 

19. (Unchanged) The method as claimed in claim 18, wherein 
said step of entering said monitoring component configuration menu 
comprises: 

entering a confirmation key signal directly into said 
monitoring component, said confirmation key signal generated in 
response to a physical activation of a confirmation key. 

20. (Unchanged) The method as claimed in claim 18, wherein 
said step of entering said monitoring component configuration menu 
comprises entering a password to said trusted component via a user 
interface. 

21. (Amended) A method of operation of a computing entity 
comprising a monitoring component having a first data [processing 
means] processor and a first memory [means], and a computer 
platform having a second data [processing means] processor and a 
second memory [means], said method comprising the steps of: 

entering a first state of said computer entity, wherein in 
said first state are available a plurality of pre-selected 
physical and logical resources; 



commencing a user session in said first state, in which said 
user session a plurality of data inputs are received by said 
computer platform, said second data [processing means] processor 
performing data processing on said received data; 

reconfiguring said plurality of physical and logical 
resources according to instructions received in said session; 

generating [a] session data describing a configuration of 
said physical and logical resources; 

generating a plurality of user data resulting from processes 
operating within said session; 

storing said user data; 

storing session data; 

exiting said session; and 

exiting [said computer platform] from said state of the 
computer platform. 

22. (Unchanged) The method as claimed in claim 21, further 
comprising the step of: 

reconfiguring said monitoring component during said user 
session in said first state. 
REMARKS 



Amendment of the subject application is respectfully requested. 




Respectfully submitted, 



Richard P. Bzhcg^ 
Reg. No. 28,145 
Attorney for Applicant 
LADAS & PARRY 

5670 Wilshire Boulevard #2100 
Los Angeles, California 90036 
(323) 934-2300 




OPERATION OF TRUSTED STATE IN COMPUTING PLATFORM 
Field of the Invention 

The present invention relates to the field of computers, and particularly, 
although not exclusively, to a computing entity which can be placed into a trusted 
state, and a method of operating the computing entity to achieve the trusted 
state, and operation of the computing entity when in the trusted state. 

Background to the Invention 

Conventional prior art mass market computing platforms include the well-known 
personal computer (PC) and competing products such as the Apple 
Macintosh™, and a proliferation of known palm-top and laptop personal 
computers. Generally, markets for such machines fall into two categories, these 
being domestic or consumer, and corporate. A general requirement for a 
computing platform for domestic or consumer use is a relatively high processing 
power, Internet access features, and multi-media features for handling computer 
games. For this type of computing platform, the Microsoft Windows® '95 and '98 
operating system products and Intel processors dominate the market. 

On the other hand, for business use, there is a plethora of proprietary 
computer platform solutions available, aimed at organizations ranging 
from small businesses to multi-national organizations. In many of these 
applications, a server platform provides centralized data storage and application 
functionality for a plurality of client stations. For business use, other key criteria 
are reliability, networking features, and security features. For such platforms, the 
Microsoft Windows NT 4.0™ operating system is common, as well as the Unix™ 
operating system. 

With the increase in commercial activity transacted over the Internet, known 
as "e-commerce", there has been much interest in the prior art in enabling data 
transactions between computing platforms over the Internet. However, because 
of the potential for fraud and manipulation of electronic data in such proposals, 
fully automated transactions with distant unknown parties on a wide-spread scale, 
as required for a fully transparent and efficient market place, have so far been 
held back. The fundamental issue is one of trust between interacting computer 
platforms for the making of such transactions. 

There have been several prior art schemes which are aimed at increasing 
the security and trustworthiness of computer platforms. Predominantly, these rely 
upon adding in security features at the application level, that is to say the security 
features are not inherently embedded in the kernel of operating systems, and are 
not built in to the fundamental hardware components of the computing platform. 
Portable computer devices have already appeared on the market which include a 
smart card, which contains data specific to a user, which is input into a smart card 
reader on the computer. Presently, such smart cards are at the level of being 
add-on extras to conventional personal computers, and in some cases are 
integrated into a casing of a known computer. Although these prior art schemes 
go some way to improving the security of computer platforms, the levels of 
security and trustworthiness gained by prior art schemes may be considered 
insufficient to enable widespread application of automated transactions between 
computer platforms. For businesses to expose significant value transactions to 
electronic commerce on a widespread scale, they require confidence in the 
trustworthiness of the underlying technology. 

Prior art computing platforms have several problems which stand in the way 
of increasing their inherent security: 

• The operating status of a computer system or platform and the status of the 
data within the platform or system is dynamic and difficult to predict. It is 
difficult to determine whether a computer platform is operating correctly 
because the state of the computer platform and data on the platform is 
constantly changing and the computer platform itself may be dynamically 
changing. 

• From a security point of view, commercial computer platforms, in particular 
client platforms, are often deployed in environments which are vulnerable to 
unauthorized modification. The main areas of vulnerability include 
modification by software loaded by a user, or via a network connection. 
Particularly, but not exclusively, conventional computer platforms may be 
vulnerable to attack by virus programs, with varying degrees of hostility. 

• Computer platforms may be upgraded or their capabilities may be extended 
or restricted by physical modification, i.e. addition or deletion of components 
such as hard disk drives, peripheral drivers and the like. 

It is known to provide security features for computer systems, which are 
embedded in operating software. These security features are primarily aimed at 
providing division of information within a community of users of the system. In 
the known Microsoft Windows NT™ 4.0 operating system, there exists a 
monitoring facility called a "system log event viewer" in which a log of events 
occurring within the platform is recorded into an event log data file which can be 
inspected by a system administrator using the Windows NT operating system 
software. This facility goes some way to enabling a system administrator to 
security monitor pre-selected events. The event logging function in the Windows 
NT™ 4.0 operating system provides system monitoring. 

In terms of overall security of a computer platform, a purely software based 
system is vulnerable to attack, for example by viruses of which there are 
thousands of different varieties. Several proprietary virus finding and correcting 
applications are known, for example the Dr Solomon's™ virus toolkit program. 
The Microsoft Windows NT™ 4.0 software includes a virus guard software, which 
is preset to look for known viruses. However, virus strains are developing 
continuously, and the virus guard software will not give reliable protection against 
newer unknown viruses. New strains of virus are being developed and released 
into the computing and internet environment on an ongoing basis. 

Further, prior art monitoring systems for computer entities focus on network 
monitoring functions, where an administrator uses network management software 
to monitor performance of a plurality of network computers. In these known 
systems, trust in the system does not reside at the level of individual trust of each 
hardware unit of each computer platform in a system. 

Summary of the Invention 

One object of the present invention is to provide a computing entity in which 
a third party user can have a high degree of confidence that the computing entity 
has not been corrupted by an external influence, and is operating in a predictable 
and known manner. 

Another object of the present invention is to simplify a task of judging 
whether a trustworthiness of a computing entity is sufficient to perform a 
particular task or set of tasks or type of task. 

In specific implementations of the present invention, a computing entity is 
capable of residing in a plurality of distinct operating states. Each operating state 
can be distinguished from other operating states using a set of integrity metrics 
designed to distinguish between those operating states. 

According to a first aspect of the present invention there is provided a 
computing entity comprising: 

a computer platform comprising a plurality of physical and logical resources 
including a first data processor and a first memory means; 

a monitoring component comprising a second data processor and a second 
memory means; 

wherein, said computer platform is capable of operating in a plurality of 
different states, each said state utilising a corresponding respective set of 
individual ones of said physical and logical resources; 

wherein said monitoring component operates to determine which of said 
plurality of states said computer platform operates in. 

Preferably a said memory means contains a set of instructions for 
configuration of said plurality of physical and logical resources of said computer 
platform into said pre-determined state. 

Preferably exit of said computer platform from said pre-determined state is 
monitored by said monitoring component. 

A BIOS file may be provided within the monitoring component itself. By 
providing the BIOS file within the monitoring component, the BIOS file may be 
inherently trusted. 

In an alternative embodiment, said computer platform may comprise an 
internal firmware component configured to compute a digest data of a BIOS file 
data stored in a predetermined memory space occupied by a BIOS file of said 
computer platform. 
According to a second aspect of the present invention there is provided a 
method of activating a computing entity comprising a computer platform having a 
first data processing means and a first memory means and a monitoring 
component having a second data processing means and a second memory 
means, into an operational state of a plurality of pre-configured operational states 
into which said computer platform can be activated, said method comprising the 
steps of: 

selecting a state of said plurality of pre-configured operational states into 
which to activate said computer platform; 

activating said computer platform into said selected state according to a set 
of stored instructions; and 

wherein said monitoring component monitors activation into said selected 
state by recording data describing which of said plurality of pre-configured states 
said computer platform is activated into. 

Said monitoring component may continue to monitor said selected state 
after said computer platform has been activated to said selected state. 

Said monitoring component may generate a state signal in response to a 
signal input directly to said monitoring component by a user of said computing 
entity, said state signal containing data describing which said state said computer 
platform has entered. 

In one embodiment, said set of stored instructions which allow selection of 
said state may be stored in a BIOS file resident within said monitoring 
component. Once selection of a said state has been made, activation of the state 
may be carried out by a set of master boot instructions which are themselves 
activated by the BIOS. 

Preferably the method comprises the step of generating a menu for 
selection of a said pre-configured state from said plurality of pre-configured 
states. 

The method may comprise the step of generating a user menu displayed 
on a user interface for selection of a said pre-configured state from said plurality 
of pre-configured states, and said step of generating a state signal comprises 
generating a state signal in response to a user input accepted through said user 
interface. 

Alternatively, the predetermined state may be automatically selected by a 
set of instructions stored on a smartcard, which selects a state option generated 
by said BIOS. The selection of states may be made automatically via a set of 
selection instructions to instruct said BIOS to select a state from said set of state 
options generated by said BIOS. 

Said step of monitoring a said state may comprise: 

immediately before activating said computer platform, creating by means 
of a firmware component a digest data of a first pre-allocated memory space 
occupied by a BIOS file of said computer platform; 

writing said digest data to a second pre-allocated memory space to which 
only said firmware component has write access; and 

said monitoring component reading said digest data from said second 
pre-allocated memory space. 
Said step of monitoring a said state into which said computer platform is 
activated may comprise: 

executing a firmware component to compute a digest data of a BIOS file of 
said computer platform; 

writing said digest data to a predetermined location in said second 
memory means of said monitoring component. 

Said step of activating said computer platform into said selected state may 
comprise: 

at a memory location of said first memory means, said location occupied 
by a BIOS file of said computer platform, storing an address of said monitoring 
component which transfers control of said first processor to said monitoring 
component; 

storing in said monitoring component a set of native instructions which are 
accessible immediately after reset of said first processor, wherein said native 
instructions instruct said first processor to calculate a digest of said BIOS file and 
store said digest data in said second memory means of said monitoring 
component; and 

said monitoring component passing control of said activation process to 
said BIOS file, once said digest data is stored in said second memory means. 

Said step of monitoring said state into which said computer platform is 
activated may comprise: 
after said step of activating said computer platform into said selected state, 
monitoring a plurality of logical and physical components to obtain a first set of 
metric data signals from those components, said metric data signals describing a 
status and condition of said components; 

comparing said first set of metric data signals determined from said 
plurality of physical and logical components of said computer platform, with a set 
of pre-recorded metric data stored in a memory area reserved for access only by 
said monitoring component; and 

comparing said first set of metric data signals obtained directly from said 
plurality of physical and logical components with said set of pre-stored metric 
data signals stored in said reserved memory area. 
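Claims 14 to 17 and the corresponding summary passages above describe a firmware component digesting the memory space occupied by the BIOS file into a second memory space that only the firmware may write, and the monitoring component comparing the measured metrics against pre-recorded metrics to determine which pre-configured state the platform is in. The following Python simulation is an added example, not code from the patent; the SHA-256 digest, the writer-token check standing in for the hardware write restriction, and the constructed BIOS image, state names and resource tables are all assumptions.

```python
"""Added simulation of the measured-boot and state-determination scheme
described in claims 14 to 17 (not code from the patent).  Assumptions:
SHA-256 as the digest, a writer token standing in for the hardware write
restriction, and constructed BIOS images, state names and resource tables."""
import hashlib
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

FIRMWARE = "firmware"  # the only component allowed to write the digest register


@dataclass
class DigestRegister:
    """Second pre-allocated memory space (claim 14): written by firmware
    only, read by the monitoring component."""
    value: Optional[bytes] = None

    def write(self, writer: str, digest: bytes) -> None:
        if writer != FIRMWARE:
            raise PermissionError("only the firmware component may write the digest")
        self.value = digest

    def read(self) -> Optional[bytes]:
        return self.value


def firmware_measure_bios(bios_image: bytes, reg: DigestRegister) -> bytes:
    """Native instructions run immediately after reset (claim 16): digest the
    memory space occupied by the BIOS file and store it where only firmware
    can write, before control is passed to the BIOS itself."""
    digest = hashlib.sha256(bios_image).digest()
    reg.write(FIRMWARE, digest)
    return digest


def resource_metric(resources: Dict[str, bool]) -> bytes:
    """Metric describing which physical/logical resources are available in a
    state (claim 17: status and condition of the monitored components).
    Sorting makes the metric independent of the order resources are listed."""
    canonical = ",".join(f"{n}={int(on)}" for n, on in sorted(resources.items()))
    return hashlib.sha256(canonical.encode()).digest()


@dataclass
class MonitoringComponent:
    """Trusted component: pre-recorded (BIOS digest, resource metric) pairs
    per state, held in memory reserved for its own access."""
    expected: Dict[str, Tuple[bytes, bytes]]

    def determine_state(self, reg: DigestRegister,
                        resources: Dict[str, bool]) -> Optional[str]:
        """Claim 1: decide which pre-configured state the platform is in.
        Returns None when no recorded state matches (unmeasured or modified)."""
        bios_digest = reg.read()
        if bios_digest is None:
            return None  # firmware never measured the BIOS: nothing to trust
        observed = (bios_digest, resource_metric(resources))
        for state, recorded in self.expected.items():
            if recorded == observed:
                return state
        return None


def platform_write_rejected(reg: DigestRegister) -> bool:
    """Software on the platform (not firmware) must not be able to forge the digest."""
    try:
        reg.write("platform-software", b"\x00" * 32)
    except PermissionError:
        return True
    return False


def demo() -> Tuple[Optional[str], Optional[str], Optional[str]]:
    """Constructed scenario: two states share one BIOS but differ in the
    resource set each makes available; a modified BIOS matches no state."""
    bios = b"constructed BIOS image v1"
    trusted = {"hdd": True, "network": False, "usb": False}  # restricted set
    normal = {"hdd": True, "network": True, "usb": True}     # full set
    tc = MonitoringComponent({
        "trusted": (hashlib.sha256(bios).digest(), resource_metric(trusted)),
        "normal": (hashlib.sha256(bios).digest(), resource_metric(normal)),
    })
    reg = DigestRegister()
    firmware_measure_bios(bios, reg)
    in_trusted = tc.determine_state(reg, trusted)   # "trusted"
    in_normal = tc.determine_state(reg, normal)     # "normal"
    reg2 = DigestRegister()
    firmware_measure_bios(bios + b" (modified)", reg2)
    unknown = tc.determine_state(reg2, trusted)     # None: BIOS digest mismatch
    return in_trusted, in_normal, unknown


if __name__ == "__main__":
    print(demo())
```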

According to a third aspect of the present invention there is provided a 
method of operating a computing entity comprising a computer platform having a 
first data processing means and a first memory means, and a monitoring 
component having a second data processing means and a second memory 
means, such that said computer platform enters one of a plurality of possible 
pre-determined operating states, said method comprising the steps of: 

in response to an input from a user interface, generating a state signal, said 
state signal describing a selected state into which said computer platform is to be 
activated; 

activating said computer platform into a pre-determined state, in which a 
known set of physical and logical resources are available for use in said state and 
known processes can operate in said state; 
from said predetermined state, entering a configuration menu for 
reconfiguration of said monitoring component; and 

modifying a configuration of said monitoring component by entering data via 
a user interface in accordance with an instruction set comprising said 
configuration menu. 

Said step of entering said monitoring component configuration menu may 
comprise: 

entering a confirmation key signal directly into said monitoring component, 
said confirmation key signal generated in response to a physical activation of a 
confirmation key. 

Said step of entering said monitoring component configuration menu may 
comprise entering a password to said trusted component via a user interface. 

According to a fourth aspect of the present invention there is provided a 
method of operation of a computing entity comprising a monitoring component 
having a first data processing means and a first memory means, and a computer 
platform having a second data processing means and a second memory means, 
said method comprising the steps of: 

entering a first state of said computer entity, wherein in said first state are 
available a plurality of pre-selected physical and logical resources; 

commencing a user session in said first state, in which said user session 
a plurality of data inputs are received by said computer platform, said second 
data processing means performing data processing on said received data; 
reconfiguring said plurality of physical and logical resources according to 
instructions received in said session; 

generating a session data describing a configuration of said physical and 
logical resources; 

generating a plurality of user data resulting from processes operating 
within said session; 

storing said user data; 

storing session data; 

exiting said session; and 

exiting said computer platform from said state. 

Said method may further comprise the step of reconfiguring said 
monitoring component during said user session in said first state. Thus, the 
monitoring component may be reconfigured from a trusted state of the computer 
platform. 

Brief Description of the Drawings 

For a better understanding of the invention and to show how the same may 
be carried into effect, there will now be described by way of example only, 
specific embodiments, methods and processes according to the present 
invention with reference to the accompanying drawings in which: 
Fig. 1 illustrates schematically a computer entity according to a first specific 
embodiment of the present invention; 

Fig. 2 illustrates schematically connectivity of selected components of the 
computer entity of Fig. 1; 

Fig. 3 illustrates schematically a hardware architecture of components of the 
computer entity of Fig. 1; 

Fig. 4 illustrates schematically an architecture of a trusted component 
comprising the computer entity of Fig. 1; 

Fig. 5 illustrates schematically a logical architecture of the computer entity, 
divided into a monitored user space resident on a computer platform and a 
trusted space resident on the trusted component; 

Fig. 6 illustrates schematically a set of physical and logical resources 
comprising the computer entity, wherein different combinations of usage and 
accessibility to the individual physical and logical resources corresponds with 
operation in different states of the computing entity; 

Fig. 7 illustrates schematically an example of a state diagram illustrating a 
set of states into which the computing entity can be placed, and processes for 
entry and exit from those states; 

Fig. 8 illustrates schematically a use model followed by a user of the 
computing entity for entry and exit from individual states of the computing entity; 

Fig. 9 illustrates schematically steps of a process for entry into a trusted 
state; 
Fig. 10 illustrates schematically a first mode of operation of the computing 
entity in a trusted state, in which a first session is carried out by a user; 

Fig. 11 illustrates schematically a second session carried out in a trusted 
state, wherein the second session is carried out after closure of the first session; 
and 

Fig. 12 illustrates schematically a second mode of operation of the 
computer entity in which reconfiguration of a trusted component may be made by 
a user. 

Detailed Description of the Best Mode for Carrying Out the Invention 

There will now be described by way of example the best mode 
contemplated by the inventors for carrying out the invention. In the following 
description numerous specific details are set forth in order to provide a thorough 
understanding of the present invention. It will be apparent however, to one 
skilled in the art, that the present invention may be practiced without limitation to 
these specific details. In other instances, well known methods and structures 
have not been described in detail so as not to unnecessarily obscure the present 
invention. 

Specific embodiments of the present invention comprise a computer 
platform having a processing means and a memory means, and which is 
physically associated with a component, known hereinafter as a "trusted 
component", which monitors operation of the computer platform by collecting 
metrics data from the computer platform, and which is capable of verifying, to third 
party computer entities interacting with the computer platform, the correct 
functioning of the computer platform. 
Two computing entities, each provisioned with such a trusted component, 
may interact with each other with a high degree of 'trust'. That is to say, where 
the first and second computing entities interact with each other, the security of the 
interaction is enhanced compared to the case where no trusted component is 
present, because: 

• A user of a computing entity has higher confidence in the integrity and 
security of his/her own computer entity and in the integrity and security of the 
computer entity belonging to the other computing entity. 

• Each entity is confident that the other entity is in fact the entity which it 
purports to be. 

• Where one or both of the entities represent a party to a transaction, e.g. a 
data transfer transaction, because of the in-built trusted component, third 
party entities interacting with the entity have a high degree of confidence that 
the entity does in fact represent such a party. 

• The trusted component increases the inherent security of the entity itself, 
through verification and monitoring processes implemented by the trusted 
component. 

• The computer entity is more likely to behave in the way it is expected to 
behave. 

In this specification, the term "trusted" when used in relation to a physical or 
logical component, is used to mean a physical or logical component which always 
behaves in an expected manner. The behavior of that component is predictable 
and known. Trusted components have a high degree of resistance to 
unauthorized modification. 
In this specification, the term "computer platform" is used to refer to at least 
one data processor and at least one data storage means, usually but not 
essentially with associated communications facilities e.g. a plurality of drivers, 
associated applications and data files, and which may be capable of interacting 
with external entities e.g. a user or another computer entity, for example by 
means of connection to the internet, connection to an external network, or by 
having an input port capable of receiving data stored on a data storage medium, 
e.g. a CD ROM, floppy disk, ribbon tape or the like. The term "computer 
platform" encompasses the main data processing and storage facility of a 
computer entity. 

Referring to Fig. 1 herein, there is illustrated schematically one example of a 
computer entity according to a specific implementation of the present invention. 
Referring to Fig. 2 of the accompanying drawings, there is illustrated 
schematically physical connectivity of some of the components of the trusted 
computer entity of Fig. 1. Referring to Fig. 3 herein, there is illustrated 
schematically an architecture of the trusted computer entity of Figs. 1 and 2, 
showing physical connectivity of components of the entity. 

In general, in the best mode described herein, a trusted computer entity 
comprises a computer platform consisting of a first data processor, and a first 
memory means, together with a trusted component which verifies the integrity 
and correct functioning of the computing platform. The trusted component 
comprises a second data processor and a second memory means, which are 
physically and logically distinct from the first data processor and first memory 
means. 

In the example shown in Figs. 1 to 3 herein, the trusted computer entity is 
shown in the form of a personal computer suitable for domestic use or business 
use. However, it will be understood by those skilled in the art that this is just 
one specific embodiment of the invention, and other embodiments of the 
invention may take the form of a palmtop computer, a laptop computer, a server- 
type computer, a mobile phone-type computer, or the like, and the invention is 
limited only by the scope of the claims herein. In the best mode example 
described herein, the computer entity comprises a display monitor 100; a 
keyboard data entry means 101; a casing 102 comprising a motherboard on 
which is mounted a data processor; one or more data storage means e.g. hard 
disk drives; a dynamic random access memory; various input and output ports 
(not illustrated in Fig. 1); a smart card reader 103 for accepting a user's smart 
card; a confirmation key 104, which a user can activate when confirming a 
transaction via the trusted computer entity; a pointing device, e.g. a mouse or 
trackball device 105; and a trusted component. 

Referring to Fig. 2 herein, there are illustrated some of the components 
comprising the trusted computer entity, including keyboard 101, which 
incorporates confirmation key 104 and smart card reader 103; a main 
motherboard 200 on which is mounted first data processor 201 and trusted 
component 202, an example of a hard disc drive 203, and monitor 100. 

Additional components of the trusted computer entity include an internal frame to 
the casing 102, housing one or more local area network (LAN) ports, one or more 
modem ports, one or more power supplies, cooling fans and the like (not shown 
in Fig. 2). 

In the best mode herein, as illustrated in Fig. 3 herein, main motherboard 
200 is manufactured comprising a first data processor 201; and preferably a 
permanently fixed trusted component 202; a local memory device 300 to the first 
data processor, the local memory device being a fast access memory area, e.g. a 
random access memory; a BIOS memory area 301; smart card interface 305; a 
plurality of control lines 302; a plurality of address lines 303; a confirmation key 
interface 306; and a data bus 304 connecting the processor 201, trusted 
component 202, memory area 300, a BIOS memory component 301 and smart 
card interface 305. A hardware random number generator RNG 309 is also able 
to communicate with the processor 201 using the bus 304. 

External to the motherboard and connected thereto by data bus 304 are 
provided the one or more hard disk drive memory devices 203, keyboard data 
entry device 101, pointing device 105, e.g. a mouse, trackball device or the like; 
monitor device 100; smart card reader device 103 for accepting a smart card 
device as described previously; the disk drive(s), keyboard, monitor, and pointing 
device being able to communicate with processor 201 via said data bus 304; and 
one or more peripheral devices 307, 308, for example a modem, printer, scanner 
or other known peripheral device. 

To provide enhanced security, confirmation key switch 104 is hard wired 
directly to confirmation key interface 306 on motherboard 200, which provides a 
direct signal input to trusted component 202 when confirmation key 104 is 
activated by a user, such that a user activating the confirmation key sends a 
signal directly to the trusted component, by-passing the first data processor and 
first memory means of the computer platform. 

In one embodiment the confirmation key may comprise a simple switch. 
Confirmation key 104, and confirmation key driver 306 provide a protected 
communication path (PCP) between a user and the trusted component, which 
cannot be interfered with by processor 201, which by-passes data bus 304 and 
which is physically and logically unconnected to memory area 300 or hard disk 
drive memory device(s) 203. 

Trusted component 202 is positioned logically and physically between 
monitor 100 and processor 201 of the computing platform, so that the trusted 
component 202 has direct control over the views displayed on monitor 100 which 
cannot be interfered with by processor 201. 

The trusted component lends its identity and trusted processes to the 
computer platform and the trusted component has those properties by virtue of its 
tamper-resistance, resistance to forgery, and resistance to counterfeiting. Only 
selected entities with appropriate authentication mechanisms are able to 
influence the processes running inside the trusted component. Neither a user of 
the trusted computer entity, nor anyone or any entity connected via a network to 
the computer entity may access or interfere with the processes running inside the 
trusted component. The trusted component has the property of being "inviolate". 

Smart card reader 103 is wired directly to smart card interface 305 on the 
motherboard and does not connect directly to data bus 304. Alternatively, smart 
card reader 103 may be connected directly to data bus 304. On each individual 
smart card may be stored a corresponding respective image data which is 
different for each smart card. For user interactions with the trusted component, 
e.g. for a dialogue box monitor display generated by the trusted component, the 
trusted component takes the image data from the user's smart card, and uses 
this as a background to the dialogue box displayed on the monitor 100. Thus, 
the user has confidence that the dialogue box displayed on the monitor 100 is 
generated by the trusted component. The image data is preferably easily 
recognizable by a human being in a manner such that any forgeries would be 
immediately apparent visually to a user. For example, the image data may 
comprise a photograph of a user. The image data on the smart card may be 
unique to a person using the smart card. 

Referring to Fig. 4 herein, there is illustrated schematically an internal 
architecture of trusted component 202. The trusted component comprises a 
processor 400, a volatile memory area 401; a non-volatile memory area 402; a 
memory area storing native code 403; and a memory area storing one or a 
plurality of cryptographic functions, 404, the non-volatile memory 402, native 
code memory 403 and cryptographic memory 404 collectively comprising the 
second memory means hereinbefore referred to. 

Trusted component 202 comprises a physically and logically independent 
computing entity from the computer platform. In the best mode herein, the 
trusted component shares a motherboard with the computer platform so that the 
trusted component is physically linked to the computer platform. In the best 
mode, the trusted component is physically distinct from the computer platform, 
that is to say it does not exist solely as a sub-functionality of the data processor 
and memory means comprising the computer platform, but exists separately as a 
separate physical data processor 400 and separate physical memory area 401, 
402, 403, 404. By providing a physically present trusted component separate 
from a main processor of the computer entity, the trusted component becomes 
harder to mimic or forge through software introduced onto the computer platform. 
Another benefit which arises from the trusted component being physical, 
separate from the main processor of the platform, and tamper resistant is that the 
trusted component cannot be physically subverted by a local user, and cannot be 
logically subverted by either a local user or a remote entity. Programs within the 
trusted component are pre-loaded at manufacture of the trusted component in a 
secure environment. The programs cannot be changed by users, but may be 
configured by users, if the programs are written to permit such configuration. The 
physicality of the trusted component, and the fact that the trusted component is 
not configurable by the user enables the user to have confidence in the inherent 
integrity of the trusted component, and therefore a high degree of 'trust' in the 
operation and presence of the trusted component on the computer platform. 

Referring to Fig. 5 herein, there is illustrated schematically a logical 
architecture of the computer entity 500. The logical architecture has a same basic 
division between the computer platform, and the trusted component, as is present 
with the physical architecture described in Figs. 1 to 3 herein. That is to say, the 
trusted component is logically distinct from the computer platform to which it is 
physically related. The computer entity comprises a user space 501 being a 
logical space which is physically resident on the computer platform (the first 
processor and first data storage means) and a trusted component space 502 
being a logical space which is physically resident on the trusted component 202. 
In the user space 501 are one or a plurality of drivers 503, one or a plurality of 
applications programs 504, a file storage area 505; smart card reader 103; smart 
card interface 305; and a software agent 506 which operates to perform 
operations in the user space and report back to trusted component 202. The 
trusted component space is a logical area based upon and physically resident in 
the trusted component, supported by the second data processor and second 
memory area of the trusted component. Confirmation key device 104 inputs 
directly to the trusted component space 502, and monitor 100 receives images 
directly from the trusted component space 502. External to the computer entity 
are external communications networks e.g. the Internet 507, and various local 
area networks, wide area networks 508 which are connected to the user space 
via the drivers 503 which may include one or more modem ports. External user 
smart card 509 inputs into smart card reader 103 in the user space. 

In the trusted component space, are resident the trusted component itself, 
displays generated by the trusted component on monitor 100; and confirmation 
key 104, inputting a confirmation signal via confirmation key interface 306. 

In the best mode for carrying out the invention, the computing entity has a 
plurality of modes of operation, referred to herein as operating states. Different 
ones of the plurality of operating states allow the computing entity to perform 
different sets of tasks and functionality. In some of the individual states, complex 
operations can be carried out with a large number of degrees of freedom, and 
complexity. In other operating states, there are more restrictions on the behavior 
of the computing entity. 

The level of 'trust' which can be placed on the computing entity when 
operating in each of the plurality of different states is related to: 

• The number of different operations which can be carried out in a 
particular state 

• The complexity of operations which can be carried out in a particular 
state. 

• A number of other states into which the computing entity can move 
from the particular state, without re-booting the computing entity. 

• A number of different states from which the particular state can be 
arrived at, without re-booting the computing entity. 

• The connectivity of the computing entity when in the particular state, 
that is to say, how many other computing entities or devices the entity is 
connectable to, e.g. over the internet, a wide area network, or a local area 
network. 

• Restrictions on input of data from an external source, e.g. another 
computing entity, a floppy disk, a CD ROM, a modem, a LAN port, or the like. 

• Restrictions on output of data from the particular state to other 
computing entities, e.g. whether data can be saved to a CD writer, floppy disc 
drive, or exported through an interface to a further computer entity over the 
internet, a local area network, or a wide area network. 

• An amount of, and a reliability of, internal monitoring processes within 
the computer entity which occur in the particular state; that is to say, the amount 
and reliability of a set of metrics applied by the trusted component when in that 
state. 

• A number of checks which need to be made before a user can enter 
the particular state. 

• A difficulty of bypassing one or a plurality of checks which need to be 
made before a user can enter the particular state. 

• A difficulty of overcoming, without bypassing, one or a plurality of 
checks which are made before a user of the computer entity can enter the 
computing entity into the particular state. 

The trust placed in the computer entity is composed of two separate parts: 

• The trust placed in the trusted component itself. 

• The certainty with which the trusted component can verify operation of 
the computer entity. 

As described herein, levels or degrees of trust placed in the computer entity 
are determined as being relative to a level of trust which is placed in the trusted 
component. Although the amount of trust in a computer entity is related to many 
factors, a key factor in measuring that trust is the types, extent and regularity of 
integrity metric checks which the trusted component itself carries out on the 
computer entity. 

The trusted component is implicitly trusted. The trusted component is 
embedded as the root of any trust which is placed in the computing platform and 
the computing platform as a whole cannot be any more trusted than the amount 
of trust placed in the trusted component. 

By virtue of the trusted component monitoring operations of the computer 
platform, the trust placed in the trusted component can be extended to various 
parts of the computer platform, with the level and extent of trust placed in 
individual areas of the computer platform being dependent upon the level and 
reliability with which the trusted component can monitor that particular area of the 
computing platform. 
Since the trusted areas of the computing platform are dependent upon the 
frequency, extent, and thoroughness with which the trusted component applies a 
set of integrity metric measurements to the computer platform, if the trusted 
component does not comprehensively measure all measurable aspects of the 
operation of the computing platform at all times, then the level of trust placed in 
individual parts of the computer platform will form a subset of the overall trust 
placed in the trusted component itself. If the computing entity supports only a 
limited number of integrity metrics, a user of the equipment, including a third party 
computing entity, is restricted in its ability to reason about the level of trust which 
can be placed in the computing entity. 

Although various islands of the computer platform are trusted at various 
levels, depending upon the integrity metrics which are applied by the trusted 
component for measuring those areas of the computer platform, the level of trust 
placed in the computer platform as a whole is not as high as that which is 
inherent in the trusted component. That is to say, whilst the trusted component 
space 502 is trusted at a highest level, the user space 501 may comprise several 
regions of various levels of trust. For example, applications programs 504 may 
be relatively untrusted. Where a user wishes to use the computer entity for an 
operation which involves a particularly high degree of confidentiality or secrecy, 
for example working on a new business proposal, setting pay scales for 
employees or equally sensitive operations, then the human user may become 
worried about entering such details onto the computer platform because of the 
risk that the confidentiality or secrecy of the information will become 
compromised. The confidential information must be stored in the computing 
entity, and islands of high trust may not extend over the whole computing 
platform uniformly and with the same degree of trust. For example, it may be 
easier for an intruder to access particular areas or files on the computing platform 
compared with other areas or files. 
Additionally, a user may wish to instruct the trusted component to perform 
certain functions; this poses the problem that all the commands to instruct the 
trusted component must pass through the computer platform, which is at a lower 
level of trust than the trusted component itself. Therefore, there is a risk of the 
commands to the trusted component becoming compromised during their 
passage and processing through the computer platform. 

According to specific implementations of the present invention, the 
computer entity may enter a plurality of different states, each state having a 
corresponding respective level of trust, wherein the individual levels of trust 
corresponding to different states may be different from each other. 

Referring to Fig. 6, there is illustrated schematically a set of physical and 
logical resources available to the computing entity. In the general case, the 
computing entity comprises a plurality of input/output devices 600 for 
communicating with other computing entities, examples of such devices including 
a modem, a local area network port, an Ethernet card, a hard disk drive 203, a 
floppy disk drive, and a smart card reader device 103; a plurality of memory areas 
601-603, resident on the hard disk 203, or RAM 300; one or a plurality of operating 
systems 604-606; and one or a plurality of application programs 607-609. 

In this specification, by the term "state" when used in relation to a computing 
entity, it is meant a mode of operation of the computing entity in which a plurality 
of functions provided by the computing platform may be carried out. For example, 
in a first state, the computing entity may operate under control of a first operating 
system, and have access to a first set of application programs, a first set of files, 
and a first set of communications capabilities, for example modems, disk drives, 
local area network cards, e.g. Ethernet cards. In a second state, the computing 
platform may have access to a second operating system, a second set of 
applications, a second set of data files and a second set of input/output 
resources. Similarly, for successive third, fourth states up to a total number of 
states into which the computing entity can be set. There can be overlap between 
the facilities available between two different states. For example, a first and 
second state may use a same operating system, whereas a third state may use a 
different operating system. 

Referring to Fig. 7 herein, there is illustrated schematically a state diagram 
representing a plurality of states into which the computing entity may be placed. 
In principle, there is no limit to the number of different states into which the computing 
entity may be placed, but in the example shown in Fig. 7 three such states are 
shown. In the example of Fig. 7, the computing entity may be placed into a first, 
trusted state 700, a second state 701 being a general purpose untrusted state 
and a third state 702 being a general purpose untrusted state. In the general 
case, the computing entity can reside in a plurality of different states, each having 
a corresponding respective level of trust. 

Trusted state 700 is distinguished from the second and third states 701, 702 
by virtue of the way in which the trusted state can be accessed. In one option, 
trusted state 700 can only be accessed by reference to the trusted component 
202. However, in the preferred best mode implementation entry into the trusted 
state need not be controlled by the trusted component. To access the trusted 
state, a user may turn on the computing entity, that is to say turn on the power 
supply to the computing entity in a turn on process 703. Upon turning on the 
power supply, the computing entity boots up via the BIOS file 301 in process 704, 
from a routine contained in the computer BIOS. The computing entity may enter 
either the trusted state 700, the second state 701, or the third state 702, 
depending upon how the BIOS file is configured. In the best mode herein, a user 
of the computer entity has the option, provided as a menu display option on 
monitor 100 during boot up of the computer entity, or as a selectable option 
presented as a screen icon, when in any state, to enter either the trusted state 
700, or one of the other states 701, 702 by selection. For example, on turn on, 
the BIOS may be configured to default boot up into the second state 701. Once 
in the second state, entry into a different state 700 may require a key input from a 
user, which may involve entry of a password, or confirmation of the user's identity 
by the user entering their smart card into smart card reader 103. 

Once the computing entity has entered a state other than the trusted state, 
e.g. the second state 701 or third state 702, then from those states the user may 
be able to navigate to a different state. For example the user may be able to 
navigate from the second state 701 to the third state 702 by normal key stroke 
entry operations on the keyboard, by viewing the monitor and using a pointing 
device signal input, usually with reference back to the BIOS. This is shown 
schematically as select new state process 705. 

In order to enter the trusted state 700, the computer entity must be either 
booted up for the first time after turn on process 704, or re-booted via the BIOS in 
re-boot process 706. Re-boot process 706 is very similar to boot up process 704 
except that it can be entered without having to turn the power of the computing 
entity off and then on again. To leave the trusted state 700, the computing entity 
must again refer to the BIOS 704 which involves automatic monitoring by the 
trusted component 202 in monitor process 706. Similarly, re-booting via the 
BIOS in process 705 involves automatic monitoring by the trusted component in 
monitoring process 706. 

The trusted state 700 can only be left either by 
turning the power off in power down process 707, or by re-booting the computing 
entity in re-boot process 705. Re-booting the BIOS in re-boot process 705 
involves automatic monitoring by the trusted component 706. Once the trusted 
state is left, it is not possible to re-enter the trusted state without either re-booting 
the computing entity, in re-boot process 705, or booting up the computing entity 
after a power down in process 704, both of which involve automatic monitoring by 
the trusted component in monitoring process 706. 
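The entry and exit rules of the Fig. 7 state diagram, expressed as an added Python model that is not part of the patent: the trusted state 700 is reachable only through a boot or re-boot that the trusted component monitors (process 706), and is left only by power-down (707) or re-boot, while the two general purpose states 701 and 702 may be navigated between by the select new state process 705. The class and method names are assumptions of this example.

```python
"""Model of the Fig. 7 state diagram (hypothetical example, not the patent's code).

States: trusted state 700, general purpose untrusted states 701 and 702, plus
a powered-off pseudo-state.  The trusted component records every boot or
re-boot it monitors; a plain state selection among untrusted states does not
involve it and therefore leaves no monitoring record.
"""
from dataclasses import dataclass, field

OFF = "off"
TRUSTED = 700        # trusted state 700
GENERAL_A = 701      # general purpose untrusted state 701
GENERAL_B = 702      # general purpose untrusted state 702
UNTRUSTED_STATES = {GENERAL_A, GENERAL_B}
SELECTABLE_STATES = {TRUSTED} | UNTRUSTED_STATES


class TransitionError(Exception):
    """Raised when a requested state change is not allowed by the diagram."""


@dataclass
class ComputingEntity:
    state: object = OFF
    # (how the state was entered, state) pairs recorded by the trusted
    # component in monitoring process 706
    monitor_log: list = field(default_factory=list)

    def _boot_into(self, target, via):
        """Boot (704) or re-boot via the BIOS; always monitored by the trusted component."""
        if target not in SELECTABLE_STATES:
            raise TransitionError(f"unknown state {target}")
        self.monitor_log.append((via, target))
        self.state = target

    def power_on(self, target=GENERAL_A):
        """Turn on (703) then boot (704); this model's BIOS defaults to state 701."""
        if self.state != OFF:
            raise TransitionError("already powered on")
        self._boot_into(target, "boot")

    def reboot(self, target):
        """Re-boot without power cycling; the only way into the trusted state while on."""
        if self.state == OFF:
            raise TransitionError("cannot re-boot while powered off")
        self._boot_into(target, "reboot")

    def select_new_state(self, target):
        """Select new state process 705: allowed only between untrusted states."""
        if self.state == OFF:
            raise TransitionError("powered off")
        if self.state == TRUSTED:
            raise TransitionError("trusted state is left only by power-down or re-boot")
        if target == TRUSTED:
            raise TransitionError("trusted state is entered only by boot or re-boot")
        if target not in UNTRUSTED_STATES:
            raise TransitionError(f"unknown state {target}")
        self.state = target      # no monitoring record: the trusted component is not involved

    def power_down(self):
        """Power down process 707, allowed from any state."""
        self.state = OFF


def demo():
    """Walk the diagram; return the final state, the monitoring log and refused moves."""
    e = ComputingEntity()
    e.power_on()                    # boot into default state 701
    e.select_new_state(GENERAL_B)   # 701 -> 702 without re-boot
    refused = []
    try:
        e.select_new_state(TRUSTED)  # refused: 700 needs a boot or re-boot
    except TransitionError as exc:
        refused.append(str(exc))
    e.reboot(TRUSTED)               # re-boot via the BIOS into 700 (monitored)
    try:
        e.select_new_state(GENERAL_A)  # refused: cannot leave 700 this way
    except TransitionError as exc:
        refused.append(str(exc))
    e.reboot(GENERAL_A)             # leave 700 by re-boot (monitored)
    return e.state, e.monitor_log, refused


if __name__ == "__main__":
    print(demo())
```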

Referring to Fig. 8 herein, there is illustrated schematically a use model 
followed by a user of the computer entity navigating through one or more states. 
In step 800, after turning on a power supply to the computing entity, the computer 
boots up via the BIOS program. The boot process is very similar to re-booting 
the computer from an existing state. In each case, control of microprocessor 201 
is seized by the BIOS component 301. The trusted component 202 measures a 
set of integrity metric signals from the BIOS 301, to determine a status of the 
BIOS 301. In step 801, the graphical user interface displays a menu option for 
entry into a plurality of different states. One of the states displayed on the menu 
is a trusted state as described herein before. The user manually selects a state 
in which to enter by using the keyboard or pointing device of the graphical user 
interface, for example by clicking a pointer icon over a state icon displayed on the 
graphical user interface. Alternatively, an automatic selection of a state may be 
made by a smartcard or via a network connection from state selection options 
generated by the BIOS. After selection of a state, the BIOS loads a program 
which loads a selected operating system corresponding with the state. A different 
load program is used for each of the plurality of different possible states. The 
trusted component measures that program in broadly a similar way to the way in 
which it measures the BIOS, so that the trusted component can record and 
determine which state has been loaded. When an external entity requests that 
the trusted component supplies integrity metrics, the trusted component supplies 
both the BIOS metrics and the loaded program metrics. In step 802, the 
computing entity enters the selected state. Once in the selected state, the user 
has access to a set of physical and logical resources in that state. For example, 
in a relatively insecure state, the user may have full internet access through a 
modem device comprising the computing entity, may have full access to one or a 
plurality of hard disk drives or CD readers/writers, and may have full access to a 
floppy disk drive, as well as having access to a plurality of pre-loaded 
commercially available applications programs. On the other hand, if the user 
selects a trusted state having a relatively high level of trust, in that state the user 
may have available a single operating system, a limited set of applications, for 
example a word processor, accounts package, or database, and use of a printer 
device, but in that state, use of a hard disk drive, a floppy disk drive, or the 
internet may be restricted. Each selection of a separate state into which the 
computer may be booted may be pre-configured by configuration of the BIOS 
component 301. A choice of states is presented by the BIOS to a user. Once a 
state is selected, the BIOS causes the selected state to load by calling up an 
operating system loading program to load that state. The states themselves are 
pre-configured by the loading and the relevant operating system. For entry into 
trusted states, entry into those states is via operation of the BIOS component 
301, and including monitoring by the trusted component in monitoring process 
706. In order to enter a trusted state, a user must boot or re-boot the computer 
platform in step 804. Similarly, to exit from a trusted state, the user must also 
boot or re-boot the computing entity in step 804. To navigate from a state having 
a lower trust level, for example the second state (701), or the third state (702), the 
user may navigate from that state to another state in step 805, which, in the best 
mode involves re-booting of the computing entity via the BIOS. 

Referring to Fig. 9 herein there is illustrated schematically process steps 
carried out by the computing entity for entering a state via boot process 704 or re- 
boot process 705. 

In step 900, the computer enters a boot up routine, either as a result of a power supply to the computing entity being turned on, or as a result of a user inputting a reset instruction signal, for example by clicking a pointer icon over a reset icon displayed on the graphical user interface, giving rise to a reset signal. The reset signal is received by the trusted component, which monitors internal bus 304. The BIOS component 301 initiates a boot-up process of the computer platform in step 901. Trusted component 202 proceeds to make a plurality of integrity checks on the computer platform and in particular checks the BIOS component 301 in order to check the status of the computer platform. Integrity checks are made by reading a digest of the BIOS component. The trusted component 202 acts to monitor the status of the BIOS, and can report to third party entities on the status of the BIOS, thereby enabling third party entities to determine a level of trust which they may allocate to the computing entity.

There are several ways to implement integrity metric measurement of the BIOS. In each case, the trusted component is able to obtain a digest of a BIOS file very early on in the boot up process of the computer platform. The following are examples:

• The BIOS component may be provided as part of the trusted component 202, in which case the architecture illustrated in Fig. 3 herein is modified such that BIOS 301 resides within trusted component 202.

• The first processor 201 of the computer platform may execute, immediately after reset, an internal firmware component which computes a digest over a preset memory space occupied by a BIOS file. The first processor writes the digest to a preset memory space to which only the firmware component is able to write. The first processor reads from the BIOS file in order to boot the computer platform. At any time afterwards, the trusted component reads data from a preset location within the memory space to obtain the BIOS digest data.

• The trusted component may be addressed at a memory location occupied by BIOS 301, so that the trusted component contains a set of first native instructions which are accessed after reset of the first processor 201. These instructions cause the first processor 201 of the computer platform to calculate a digest of the BIOS, and store it in the trusted component. The trusted component then passes control to the BIOS 301 once the digest of the BIOS is stored in the trusted component.

• The trusted component may monitor a memory control line and a reset line and verify that the BIOS component 301 is the first memory location accessed after the computer platform resets. At some stage in the boot process, the BIOS passes control to the trusted component and the trusted component causes the first processor of the computer platform to compute a digest of the BIOS and return the digest to the trusted component. The process of computing the digest and writing the result to the trusted component must be atomic. This action may be started by the trusted component, causing the computer platform's processor to read a set of native instructions from the trusted component which causes the processor to compute a digest over a memory space occupied by the BIOS, and to write the digest data to the memory space occupied by the trusted component. Alternatively, this action could be started by the trusted component causing the first processor of a platform to execute an instruction, where the processor computes a digest over a preset memory space occupied by the BIOS and writes the digest to a preset memory space occupied by the trusted component.

• A loading program for loading a selected operating system is itself loaded by 
the BIOS program. Integrity metrics of the operating system loading program 
are also measured by computing a digest of the loading program. 

In one embodiment, trusted component 202 may interrogate individual components of the computer platform, in particular hard disk drive 203, microprocessor 201, and RAM 301, to obtain data signals directly from those individual components which describe the status and condition of those components. Trusted component 202 may compare the metric signals received from the plurality of components of the computer entity with the pre-recorded metric data stored in a memory area reserved for access by the trusted component. Provided that the signals received from the components of the computer platform coincide with and match those of the metric data stored within the memory, then the trusted component 202 provides an output signal confirming that the computer platform is operating correctly. Third parties, for example other computing entities communicating with the computing entity, may take the output signal as confirmation that the computing entity is operating correctly, that is to say is trusted.

In step 903 BIOS generates a menu display on monitor 100 offering a user a choice of state options, including a trusted state 700. The user enters details of which state is to be entered by making key entry to the graphical user interface or data entry using a pointing device, e.g. mouse 105. The BIOS receives key inputs from a user which instruct a state into which to boot in step 904. The trusted component may also require a separate input from confirmation key 104 requiring physical activation by a human user, which bypasses internal bus 304 of the computer entity and accesses trusted component 202 directly, in addition to the user key inputs selecting the state. Once the BIOS 301 has received the necessary key inputs instructing which state is required, microprocessor 201 processes the set of configuration instructions stored in BIOS 301, which instruct which one of a set of state options stored in the BIOS file the computer platform will configure itself into. Each of a plurality of state selections into which the computer platform may boot may be stored as separate boot options within BIOS 301, with selection of the boot option being controlled in response to keystroke inputs or other graphical user inputs made by a user of the computing entity. Once the correct routine of BIOS file 301 is selected by the user, then in step 906 the BIOS file releases control to an operating system load program stored in a memory area of the computer platform, which activates boot up of the computer platform into an operating system of the selected state. The operating system load program contains a plurality of start up routines for initiating a state, which include routines for starting up a particular operating system corresponding to a selected state. The operating system load program boots up the computer platform into the selected state. The operating system measures the metrics of the load program which is used to install the operating system, in step 907. Once in the selected state, trusted component 202 continues, in step 908, to perform on an ongoing continuous basis further integrity check measurements to monitor the selected state continuously, looking for discrepancies, faults, and variations from the normal expected operation of the computer platform within that state. Such integrity measurements are made by trusted component 202 sending out interrogation signals to individual components of the computer platform, and receiving response signals from the individual components of the computer platform, which response signals the trusted component may compare with a predetermined preloaded set of expected response signals corresponding to those particular states which are stored within the memory of the trusted component; or the trusted component 202 compares the integrity metrics measured from the computer platform in the selected state with the set of integrity metrics initially measured as soon as the computer platform enters the selected state, so that on an ongoing basis any changes to the integrity metrics from those initially recorded can be detected.

During the boot up procedure, although the trusted component monitors the boot up process carried out by the BIOS component, it does not necessarily control the boot up process. The trusted component acquires a value of the digest of the BIOS component 301 at an early stage in the boot up procedure. In some of the alternative embodiments, this may involve the trusted component seizing control of the computer platform before boot up by the BIOS component commences. However, in alternative variations of the best mode implementation described herein, it is not necessary for the trusted component to obtain control of the boot up process, but the trusted component does monitor the computer platform, and in particular the BIOS component 301. By monitoring the computer platform, the trusted component stores data which describes which BIOS options have been used to boot up the computer, and which operating system has been selected. The trusted component also monitors the loading program used to install the operating system.
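The boot-time measurement, recording of the selected state, and ongoing comparison against the metrics taken on entry (steps 900 to 908 above), modelled as an added Python example; this is not code from the application. The SHA-256 digest, the state names, the requirement that the confirmation key be pressed, and the BIOS, loader and OS images are all constructed assumptions.

```python
"""Boot-time measurement, state recording and ongoing monitoring by the
trusted component, modelled after steps 900-908 of the description.
Added illustration, not code from the application. Assumptions: SHA-256 as
the digest function, the state names, and the constructed BIOS/loader/OS images."""
import hashlib
from dataclasses import dataclass, field
from typing import Dict, List, Optional


def digest(region: bytes) -> str:
    """Integrity metric of a memory region (SHA-256 is an assumed choice)."""
    return hashlib.sha256(region).hexdigest()


@dataclass
class BootRecord:
    """What the trusted component keeps about one boot: the BIOS digest it
    read early in boot, the state the user selected, and whether that digest
    matched the pre-recorded value for that state."""
    bios_digest: str
    selected_state: str
    verified: bool
    confirmation_key: bool   # physical confirmation key 104 was pressed


@dataclass
class TrustedComponent:
    # pre-recorded metric data per state: state -> {component: expected digest}
    expected: Dict[str, Dict[str, str]]
    boot_log: List[BootRecord] = field(default_factory=list)
    state: Optional[str] = None
    baseline: Dict[str, str] = field(default_factory=dict)

    def observe_boot(self, bios_image: bytes, selected_state: str,
                     confirmation_key: bool) -> BootRecord:
        """Steps 901-905: read the BIOS digest and record the selected state.
        The component monitors rather than controls: a boot whose BIOS digest
        is unknown is recorded as unverified, not prevented. Requiring the
        confirmation key for verification is an assumption of this model."""
        d = digest(bios_image)
        want = self.expected.get(selected_state, {}).get("bios")
        rec = BootRecord(d, selected_state, confirmation_key and want == d,
                         confirmation_key)
        self.boot_log.append(rec)
        self.state = selected_state
        self.baseline = {}
        return rec

    def enter_state(self, metrics: Dict[str, str]) -> List[str]:
        """Steps 906-907: metrics taken as the loader and OS come up become the
        baseline for the session; returns the components whose metric differs
        from the pre-recorded set (empty for an unknown state: nothing to compare)."""
        self.baseline = dict(metrics)
        want = self.expected.get(self.state, {})
        return sorted(k for k, v in want.items() if metrics.get(k) != v)

    def check_ongoing(self, metrics: Dict[str, str]) -> List[str]:
        """Step 908: components whose metric changed since entry to the state."""
        return sorted(k for k, v in self.baseline.items() if metrics.get(k) != v)

    def report(self) -> Optional[BootRecord]:
        """Status a third party may ask the trusted component for."""
        return self.boot_log[-1] if self.boot_log else None


# Constructed sample platform: BIOS, OS loading program and OS as byte strings.
BIOS_IMAGE = b"constructed BIOS 301 image with boot options trusted/second/third"
LOADER = b"constructed operating system loading program for trusted state 700"
KERNEL = b"constructed minimal operating system for trusted state 700"
EXPECTED = {"trusted": {"bios": digest(BIOS_IMAGE), "loader": digest(LOADER),
                        "os": digest(KERNEL)}}


def platform_metrics(loader: bytes = LOADER, kernel: bytes = KERNEL) -> Dict[str, str]:
    """Metrics the trusted component would collect by interrogating the platform."""
    return {"bios": digest(BIOS_IMAGE), "loader": digest(loader), "os": digest(kernel)}


def boot_into_trusted_state(loader: bytes = LOADER) -> List[str]:
    """Boot into the trusted state and return the discrepancies seen on entry."""
    tc = TrustedComponent(EXPECTED)
    tc.observe_boot(BIOS_IMAGE, "trusted", confirmation_key=True)
    return tc.enter_state(platform_metrics(loader=loader))


if __name__ == "__main__":
    print("clean boot:", boot_into_trusted_state())
    print("patched loader:", boot_into_trusted_state(LOADER + b" patched"))
```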

There will now be described an example of operation of a computer entity within a trusted state in a first specific mode of operation according to the present invention.

Referring to Figs. 10 and 11 herein, there is illustrated schematically usage of the computing entity in a trusted state, extending over a plurality of user sessions, for example usage of the computing entity over two successive days, whilst turning off or re-booting the computing entity between sessions.

Referring to Fig. 10 herein, a user boots up the computing entity into a trusted state 700 as hereinbefore described in a first boot process 1000. In the trusted state, the user commences a first session 1001 of usage of the computing entity. Within the session, because the computer platform is booted into the trusted state, a predetermined set of logical and physical resources are available to the user within that trusted state. Typically, this would include access to an operating system and a predetermined selection of applications. The level of trust which applies to the trusted state varies depending upon the number, complexity and reliability of the physical and logical resources available to the user within the trusted state. For example, where the trusted state is configured to use a well-known reliable operating system, for example UNIX, and a reliable word processing package, with minimal access to peripheral devices of the computer platform being permitted in the trusted state, for example no access to modems, and access to output data restricted to a single writer drive, e.g. a CD writer, then this may have a relatively high degree of trust. In another trusted state, where more facilities are available, the trust level would be different to that in a trusted state in which access to physical or logical resources is more limited.
However, each trusted state is characterized in that the access to facilities is predetermined and known and can be verified by trusted component 202. During the first session 1001, a user may call up an application 1002 available in the trusted state, and may enter user data 1003, for example via a keyboard device. The user data 1003 is processed according to the application 1002 in processing operation 1004, resulting in processed output user data 1005. During the course of the session, by virtue of using the computer platform, operating system and applications, the user may have reconfigured the applications and/or operating system for a specific usage within the session. For example, in a word processor application, documents may have been formatted with certain line spacing, font styles etc. To avoid these settings being lost on leaving the trusted state, such settings, comprising session data 1006, may be stored during the session. Similarly, to avoid the effort made by the user during the session being lost, the output user data may be stored during the session. However, the user session 1001 only exists in the trusted state as long as the trusted state exists. Therefore, to avoid loss of settings and data from the first session 1001 in the trusted state 700, the output user data and session data must be stored as stored output user data 1007 and stored session data 1008 respectively before the trusted state can be exited. The stored output user data 1007 and stored session data 1008 may be saved to a device available in the trusted state, for example hard disk drive 203 or a CD reader/writer peripheral, for use in a further successive session, or be encrypted and signed and then saved at a remote location, accessed over a network. Preferably, signing of user data and session data is done by the trusted component and/or the user's smartcard. Exit from the trusted state involves closing the first user session 1001, and rebooting the computing entity via re-boot process 705, or powering down the computing entity via power down process 707. In the first user session in the trusted state, processing of user input data occurs, and the output of the process is the output processed data. The output processed data is stored after processing of the data has terminated, and before the session is ended, and before the trusted state is exited.

Referring to Fig. 11 herein, there is illustrated schematically operation of the computing entity on a second day, in a second session in the same trusted state 700. Between the first and second sessions the trusted state 700 disappears completely, since the computing entity leaves the trusted state 700. On leaving the trusted state 700, apart from the stored output user data and stored session data, the computer platform saves no information concerning the trusted state other than that which is pre-programmed into the BIOS 301 and the loading programs and the trusted component 202. Therefore, for all practical purposes, on power down or re-boot, the trusted state 700 ceases to exist. However, the ability to re-enter the trusted state 700 through a new operation of the boot process or re-boot process remains within the capabilities of the computing entity. The trusted state is entered via a second boot process 1100 as hereinbefore described. Once the trusted state is entered, a second session 1101 commences. Within the second session 1101 the operating system, applications and facilities available from the computer platform are selected from the same set of such physical and logical resources as were available previously for the first session. However, usage of those facilities within the second session may vary according to a user's keystroke instructions. Second session 1101 may effectively comprise a continuation of first session 1001. The user may call up the same application 1002 as previously and may effectively continue the work carried out during the first session in the second session 1101. However, because exiting the trusted state involves the computer platform in complete amnesia of all events which occurred during that trusted state, after the state has been left, if the trusted state is reactivated and a new session is commenced, the application 1002 has no memory of its previous configuration. Therefore, stored session data 1008 produced at the end of the first session 1001 must be input into the second session 1101 in order to reconfigure the application, to save for example the settings of line spacing and format, and the output user data 1005 stored as stored output user data 1007 must be re-input into the second session 1101 for further work to continue on that data. The stored session data 1008 and user data 1007 may be retrieved from a storage medium, decrypted and authenticated and then loaded into the trusted state, to configure the second session as a continuation of the first session. Preferably, integrity measurement checks are performed by the trusted component on the user data and session data imported from the smartcard or storage medium, before that data is loaded. During the second session 1101, further user data 1102 is input by the user, and the further data is processed together with the stored first output data 1007 according to the application 1002 configured according to the first stored session data 1008 in process 1103. Processing of the data 1103 during the second session 1101 results in new output user data 1104. If the application or operating system used in the second session has changed in configuration during the second session, this results in new session data 1105. As with the first session, in order to close the session without losing the settings of the application program and operating system, and without losing the benefit of the work carried out during the second session, both the new session data 1105 and the new output user data 1104 need to be stored. These data are stored respectively as stored new output user data 1106 and stored new session data 1107.

At the end of the second session, the session is closed after having saved the work produced in the second session, and the trusted state is exited via a power down process or re-boot process 705, 707. All memory of the trusted state and second session other than that stored as the session data 1107 and stored output user data 1106 is lost from the computer platform.

It will be appreciated that the above example is a specific example of using a computer in successive first and second sessions on different days. In between use of those sessions, the computing entity may be used in a plurality of different states, for different purposes and different operations, with varying degrees of trust. In operating states which have a lower level of trust, for example the second and third states (being 'untrusted' states), the computer entity will not lose memory of its data configuration between transitions from state to state. According to the above method of operation, the trusted state 700 may be activated any number of times, and any number of sessions carried out. However, once the trusted state is exited, the trusted state has no memory of previous sessions. Any configuration of the trusted state must be by new input of data 1003, 1102, or by input of previously stored session data or user data 1007, 1008, 1106, 1107.
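The two-day workflow of Figs. 10 and 11 (store 1007/1008 before exit, authenticate and re-load them on re-entry, store 1106/1107 again), as an added Python example that is not code from the application. An HMAC under a key assumed to be held by the trusted component stands in for the signature the text attributes to the trusted component or smartcard; the record is left unencrypted (the text makes encryption optional), and the state identifier and sample session contents are constructed.

```python
"""Saving and restoring session data across the two sessions of Figs. 10
and 11. Added illustration, not code from the application. Assumptions: an
HMAC under a key held by the trusted component stands in for the signature
the text attributes to the trusted component or smartcard; the record is not
encrypted here (the text makes encryption optional); state ids are constructed."""
import hashlib
import hmac
import json
from typing import Any, Dict, Tuple

Session = Dict[str, Any]


def _tag(key: bytes, state_id: str, payload: bytes) -> str:
    # The tag binds the payload to the state it was produced in, so a record
    # from one trusted state is not accepted when loading a different state.
    return hmac.new(key, state_id.encode() + b"\x00" + payload,
                    hashlib.sha256).hexdigest()


def seal_session(key: bytes, state_id: str, session_data: Session,
                 user_data: Session) -> bytes:
    """End of a session: bundle session data (1006) and output user data
    (1005) into one authenticated record to store before the state is exited."""
    payload = json.dumps({"session": session_data, "user": user_data},
                         sort_keys=True).encode()
    record = {"state": state_id, "payload": payload.decode(),
              "tag": _tag(key, state_id, payload)}
    return json.dumps(record).encode()


def restore_session(key: bytes, state_id: str, record: bytes) -> Tuple[Session, Session]:
    """Next session: authenticate the stored record before any of it is
    loaded into the trusted state. Raises ValueError on any mismatch."""
    try:
        rec = json.loads(record)
        payload = rec["payload"].encode()
        tag, state = rec["tag"], rec["state"]
    except (ValueError, KeyError, TypeError, AttributeError) as exc:
        raise ValueError("malformed session record") from exc
    if state != state_id:
        raise ValueError("record was produced in a different state")
    if not hmac.compare_digest(tag, _tag(key, state_id, payload)):
        raise ValueError("record failed integrity check")
    data = json.loads(payload)
    return data["session"], data["user"]


def rejects(key: bytes, state_id: str, record: bytes) -> bool:
    """True if restore_session refuses the record."""
    try:
        restore_session(key, state_id, record)
    except ValueError:
        return True
    return False


# Constructed walk-through: key held by the trusted component, state 700.
TC_KEY = b"constructed trusted-component signing key"
STATE = "trusted-700"


def two_day_workflow() -> Tuple[Session, Session]:
    """Day 1: configure the word processor and write; store 1007/1008.
    Day 2: the platform remembers nothing, so restore, continue, store 1106/1107."""
    day1_session = {"app": "wordproc", "line_spacing": 1.5, "font": "serif"}
    day1_user = {"doc": "Draft, first paragraph."}
    stored = seal_session(TC_KEY, STATE, day1_session, day1_user)   # 1007 + 1008

    session, user = restore_session(TC_KEY, STATE, stored)          # into 1101
    user["doc"] += " Second paragraph."                            # 1102 -> 1104
    session["font"] = "sans"                                        # 1105
    stored2 = seal_session(TC_KEY, STATE, session, user)            # 1106 + 1107
    return restore_session(TC_KEY, STATE, stored2)


def tamper_is_detected() -> bool:
    """Alter one field of a stored record on its way back in; must be refused."""
    rec = json.loads(seal_session(TC_KEY, STATE, {"font": "serif"}, {"doc": "x"}))
    rec["payload"] = rec["payload"].replace('"x"', '"y"')
    return rejects(TC_KEY, STATE, json.dumps(rec).encode())
```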

In the above described specific implementations, specific methods, specific 
embodiments and modes of operation according to the present invention, a 
trusted state comprises a computer platform running a set of processes all of 
which are in a known state. Processes may be continuously monitored 
throughout a session operating in the trusted state, by a trusted component 202. 

Referring to Fig. 12 herein, there is illustrated schematically a second mode of operation of a trusted state, in which the trusted component 202 itself can be reconfigured by a user. In the second mode of operation, the trusted component stores a predetermined set of data describing metrics which apply when the computer platform is in the trusted state in which the component itself can be reconfigured. A trusted state 1200 is entered as described previously herein through boot process 704 or re-boot process 705. In the trusted state, a user enters a command to call up a trusted component configuration menu in step 1201. The trusted component configuration menu comprises a set of instructions stored in memory which is only accessible via a trusted state. In order to make changes to the menu, various levels of security may be applied. For example, a user may be required to enter a secure password, for example a password comprising numbers and letters or other characters, in step 1202. The trusted component monitors the trusted state from which the trusted component can be reconfigured by comparing measured integrity metrics from the computer platform whilst in the trusted state with the set of pre-stored integrity metrics which the trusted component stores in its own memory area. The trusted component will not allow a user to reconfigure the trusted component 202 unless the integrity metrics measured by the trusted component, when the computer platform is in the trusted state from which the trusted component can be reconfigured, match the pre-stored values in the trusted component's own memory, thereby verifying that the computer platform is operating correctly in the trusted state. The trusted component denies a user reconfiguration of the trusted component if the trusted component detects that the measured integrity metrics of the computer platform do not match those predetermined values which are stored in the trusted component's own internal memory and are those of the trusted state from which the trusted component can be re-configured.

Additionally, or optionally, the user may be required to insert a smart card into smart card reader 103 in step 1203, following which the trusted component verifies the identity of the user by reading data from the smart card via smart card interface 305. Additionally, the user may be required to input physical confirmation of his or her presence by activation of confirmation key 104, providing direct input into trusted component 202 as described with reference to Fig. 3 herein, in step 1204. Data describing the trusted state, for example which operating system to use and which applications to use, may be stored on the smart card and used to boot up the computer platform into the trusted state.

Once the security checks including the password, verification by smart card and/or activation of the confirmation key are accepted by the trusted component, the file configuration menu is displayed on the graphical user interface under control of trusted component 202 in step 1205. Reconfiguration of the trusted component can be made using the menu in step 1206 by the user. Depending upon the level of security applied, which is an implementation specific detail of the trusted component configuration menu, the user may need to enter further passwords and make further confirmation key activations when entering data into the menu itself. In step 1207, the user exits the trusted component reconfiguration menu having reconfigured the trusted component.

In the trusted component configuration menu, a user may reconfigure operation of the trusted component. For example, a user may change the integrity metrics used to monitor the computer platform.

Storing predetermined digest data, corresponding to a plurality of integrity metrics present in a state, inside the trusted component's own memory provides the trusted component with data which it may compare with the digest data of a state into which the computer platform is booted, so that the trusted component can check that the computer platform has not been booted into an unauthorized state.

The trusted component primarily monitors boot up of the computer platform. The trusted component does not necessarily take control of the computer platform if the computer platform boots into an unauthorized state, although optionally, software may be provided within the trusted component which enables the trusted component to take control of the computer platform if the computer platform boots into an unauthorized or an unrecognized state.

When in the trusted state, a user may load in new applications to use in that trusted state, provided the user can authenticate those applications for use in the trusted state. This may involve a user entering signature data of the required application to the trusted component, to allow the trusted component to verify the application by means of its signature when loading the application into the trusted state. The trusted component checks that the signature of the application is the same as the signature which the user has loaded into the trusted component before actually loading the application. At the end of a session, the application is lost from the platform altogether. The session in the trusted state exists only in temporary memory, for example random access memory, which is reset when the trusted state is exited.
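The two gates described in this part of the text, the Fig. 12 reconfiguration menu (integrity metrics of the reconfiguration state, password, smart card, confirmation key) and the loading of an application whose signature the user has entered, as an added Python example that is not code from the application. The SHA-256 digest standing in for the signature, the order of the checks, the reason strings, and the state names and images are constructed assumptions.

```python
"""Gating of the trusted component's reconfiguration menu (Fig. 12) and of
loading a user-authenticated application into a trusted state.
Added illustration, not code from the application. Assumptions: SHA-256 as
digest/signature function, the order of checks, the reason strings and the
constructed state names and images."""
import hashlib
from dataclasses import dataclass, field
from typing import Dict, List, Optional


def digest(region: bytes) -> str:
    """Digest used both as integrity metric and as application signature."""
    return hashlib.sha256(region).hexdigest()


@dataclass
class UserChecks:
    """Outcomes of steps 1202-1204: password, smartcard identity, key 104."""
    password_ok: bool
    smartcard_ok: bool
    confirmation_key: bool


@dataclass
class TrustedComponent:
    reconfig_state: str                     # the one state allowing reconfiguration
    expected: Dict[str, Dict[str, str]]     # state -> {component: pre-stored digest}
    current_state: Optional[str] = None
    app_signatures: Dict[str, str] = field(default_factory=dict)  # session-scoped
    loaded_apps: List[str] = field(default_factory=list)

    def reconfiguration_allowed(self, metrics: Dict[str, str],
                                checks: UserChecks) -> str:
        """Return "ok" when the menu of step 1205 may be shown, otherwise the
        first reason for refusal. Platform integrity is checked before the
        user-supplied factors are even considered."""
        if self.current_state != self.reconfig_state:
            return "not in the reconfiguration state"
        want = self.expected[self.reconfig_state]
        bad = sorted(k for k, v in want.items() if metrics.get(k) != v)
        if bad:
            return "integrity metrics mismatch: " + ", ".join(bad)
        if not checks.password_ok:
            return "password rejected"
        if not checks.smartcard_ok:
            return "smartcard identity not verified"
        if not checks.confirmation_key:
            return "confirmation key not pressed"
        return "ok"

    def register_application(self, name: str, signature: str) -> None:
        """The user enters the expected signature of an application."""
        self.app_signatures[name] = signature

    def load_application(self, name: str, image: bytes) -> bool:
        """Load only if the image's digest equals the registered signature."""
        if self.app_signatures.get(name) != digest(image):
            return False
        self.loaded_apps.append(name)
        return True

    def end_session(self) -> None:
        """Exit from the state: session memory is reset, applications are lost."""
        self.app_signatures.clear()
        self.loaded_apps.clear()
        self.current_state = None


# Constructed sample: the reconfiguration state runs one known OS image.
RECONFIG_OS = b"constructed minimal OS for reconfiguration state 1200"
EXPECTED = {"reconfig-1200": {"os": digest(RECONFIG_OS)}}
ACCOUNTS_APP = b"constructed accounts package image"
ALL_OK = UserChecks(True, True, True)


def walkthrough() -> List[str]:
    """Exercise both gates and return each outcome in order."""
    tc = TrustedComponent("reconfig-1200", EXPECTED)
    good = {"os": digest(RECONFIG_OS)}
    out = []
    tc.current_state = "second-701"                 # an ordinary state
    out.append(tc.reconfiguration_allowed(good, ALL_OK))
    tc.current_state = "reconfig-1200"
    out.append(tc.reconfiguration_allowed({"os": digest(b"other OS")}, ALL_OK))
    out.append(tc.reconfiguration_allowed(good, UserChecks(True, True, False)))
    out.append(tc.reconfiguration_allowed(good, ALL_OK))
    tc.register_application("accounts", digest(ACCOUNTS_APP))
    out.append(str(tc.load_application("accounts", ACCOUNTS_APP + b"!")))
    out.append(str(tc.load_application("accounts", ACCOUNTS_APP)))
    tc.end_session()                                 # signature is forgotten
    out.append(str(tc.load_application("accounts", ACCOUNTS_APP)))
    return out
```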

In the above described implementations, a version of a computer entity in which a trusted component resides within a video path to a visual display unit has been described. However, the invention is not dependent upon a trusted component being present in a video path to a visual display unit. It will be understood by persons skilled in the art that the above best mode implementations are exemplary of a large class of implementations which can exist according to the invention.

In the above described best mode embodiment, methods of operation have been described wherein a user is presented with a set of options for selecting a state from a plurality of states, and a user input is required in order to enter a particular desired state. For example a user input may be required to specify a particular type of operating system which is required to be used, corresponding to a state of the computer platform. In a further mode of operation of the specific embodiment, data for selecting a predetermined operating state of the computer platform may be stored on a smart card, which is transportable from computer platform to computer platform, and which can be used to boot up a computer platform into a predetermined required state. The smartcard responds to a set of state selection options presented by a BIOS, and selects one of a plurality of offered choices of state. The BIOS contains the state selections available, and a set of loading programs actually install the various operating systems which provide the states. In this mode of operation, rather than data describing a predetermined state being stored within the first memory area of the trusted component, and the BIOS system obtaining that data from the trusted component in order to boot the computer platform up into a required predetermined state, the information can be accessed from a smart card entered into the smart card reader.

Using such a smart card pre-configured with data for selecting one or a plurality of predetermined states, a user carrying the smart card may activate any such computing entity having a trusted component and computer platform as described herein into a predetermined state as specified by the user, with the knowledge that the computing entity will retain no record of the state after a user session has taken place. Similarly, as described with reference to Figs. 10 and 11 herein, any output user data or configuration data produced during a session may be verified by the smart card, which can be taken away by a user and used to boot up a further different computing entity into the same state, and continue a session on a different computing entity, verifying any information on user data or session data which is to be retrieved, without either computing entity retaining a permanent record of the predetermined state, and without either computing entity retaining any of the processed user data or session configuration data of the predetermined state.

Claims:

1. A computing entity comprising:

a computer platform comprising a plurality of physical and logical resources 
including a first data processor and a first memory means; 

a monitoring component comprising a second data processor and a second 
memory means; 

wherein, said computer platform is capable of operating in a plurality of different states, each said state utilising a corresponding respective set of individual ones of said physical and logical resources;

wherein said monitoring component operates to determine which of said 
plurality of states said computer platform operates in. 

2. The computing entity as claimed in claim 1, wherein a said memory means contains a set of instructions for configuration of said plurality of physical and logical resources of said computer platform into said pre-determined state.

3. The computing entity as claimed in claim 1, in which exit of said computer platform from said pre-determined state is monitored by said monitoring component.

4. The computing entity as claimed in claim 1, wherein said monitoring component includes a BIOS file.

5. The computing entity as claimed in claim 1, wherein said computer 
platform comprises an internal firmware component configured to compute a 
digest data of a BIOS file data stored in a predetermined memory space occupied by a BIOS file of said computer platform.

6. A method of activating a computing entity comprising a computer platform having a first data processing means and a first memory means and a monitoring component having a second data processing means and a second memory means, into an operational state of a plurality of pre-configured operational states into which said computer platform can be activated, said method comprising the steps of:

selecting a state of said plurality of pre-configured operational states into which to activate said computer platform;

activating said computer platform into said selected state according to a set of stored instructions;

wherein said monitoring component monitors activation into said selected state by recording data describing which of said plurality of pre-configured states said computer platform is activated into.

7. The method as claimed in claim 6, wherein said monitoring component continues to monitor said selected state after said computer platform has been activated into said state.

8. The method as claimed in claim 6, wherein said monitoring component generates a state signal in response to a signal input directly to said monitoring component by a user of said computing entity, said state signal indicating which said state said computer platform has entered.
9. The method as claimed in claim 6, wherein said set of stored instructions are stored in a BIOS file resident within said monitoring component.

10. The method as claimed in claim 6, comprising the step of generating a menu for selection of a said pre-configured state from said plurality of pre-configured states.

11. The method as claimed in claim 6, comprising the step of generating a user menu displayed on a user interface for selection of a said pre-configured state from said plurality of pre-configured states, and said step of generating a state signal comprises generating a state signal in response to a user input accepted through said user interface.

12. The method as claimed in claim 7, in which said step of selecting a state of said plurality of pre-configured operational states comprises receiving a selection signal from a smartcard device, said selection signal instructing a BIOS of said computer platform to activate the said computer platform into a said selected state.

13. The method as claimed in claim 6, wherein said step of selecting a state of said plurality of pre-configured operational states comprises receiving a selection message from a network connection, said selection message instructing a BIOS file of said computer platform to activate said computer platform into a said selected state.

25 

14. The method as claimed in claim 6, wherein said step of monitoring 
a said state comprises: 
immediately before activating said computer platform, creating by means 
of a firmware component a digest data of a first pre-allocated memory space 
occupied by a BIOS file of said computer platform; 

writing said digest data to a second pre-allocated memory space to which 
only said firmware component has write access; and 

said monitoring component reading said digest data from said second 
pre-allocated memory space. 

15. The method as claimed in claim 6, wherein said step of monitoring 
said state into which said computer platform is activated comprises: 

executing a firmware component to compute a digest data of a BIOS file of 
said computer platform; 

writing said digest data to a predetermined location in said second 
memory means of said monitoring component. 

16. The method as claimed in claim 6, wherein said step of activating 
said computer platform into said selected state comprises: 

at a memory location of said first memory means, said location occupied 
by a BIOS file of said computer platform, storing an address of said monitoring 
component which transfers control of said first processor to said monitoring 
component; 

storing in said monitoring component a set of native instructions which are 
accessible immediately after reset of said first processor, wherein said native 
instructions instruct said first processor to calculate a digest of said BIOS file and 
store said digest data in said second memory means of said monitoring 
component; and 

said monitoring component passing control of said activation process to 
said BIOS file, once said digest data is stored in said second memory means. 

17. The method as claimed in claim 6, wherein said step of monitoring 
said state into which said computer platform is activated comprises: 

after said step of activating said computer platform into said selected state, 
monitoring a plurality of logical and physical components to obtain a first set of 
metric data signals from those components, said metric data signals describing a 
status and condition of said components; 

comparing said first set of metric data signals determined from said 
plurality of physical and logical components of said computer platform, with a set 
of pre-recorded metric data stored in a memory area reserved for access only by 
said monitoring component; and 

comparing said first set of metric data signals obtained directly from said 
plurality of physical and logical components with said set of pre-stored metric 
data signals stored in said reserved memory area. 
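The measurement-and-comparison procedure of claims 14 to 17, worked through as an added Python model; this is illustrative code written for this page, not code from the application or its inventors. It models the firmware component computing a digest of the BIOS region immediately before activation, a second memory space that only the firmware may write (claim 14), the monitoring component reading that digest and recording which state was activated (claim 6), and the post-activation comparison of live component metrics against pre-recorded metrics held in memory reserved for the monitoring component (claim 17). The class names, the choice of SHA-256 as the digest, the write-capability token and all sample data are assumptions of this example; the claims do not fix any of them.

```python
"""Measured activation of a platform into a selected state.

Added illustrative example (not code from the patent application). It models
the digest-and-compare procedure of claims 6 and 14 to 17 with constructed
data; FirmwareComponent, DigestRegister, MonitoringComponent and StateProfile
are names assumed for this example.
"""
import hashlib
from dataclasses import dataclass, field
from typing import Optional

# Constructed BIOS image standing in for the first pre-allocated memory space.
BIOS_IMAGE = b"BIOS v1.0 constructed image for illustration" * 8

# Constructed component metrics as a platform might report them after activation.
REPORTED_METRICS = {
    "modem": "present",
    "printer": "present",
    "os": "os-build-1234",
    "network": "disabled",
}


def digest_of(region: bytes) -> str:
    """Digest of a memory region (SHA-256 assumed; the claims do not fix the function)."""
    return hashlib.sha256(region).hexdigest()


class DigestRegister:
    """Second pre-allocated memory space: writable only by the firmware component."""

    def __init__(self, firmware_token: object):
        self._token = firmware_token
        self._value: Optional[str] = None

    def write(self, caller_token: object, value: str) -> None:
        # Write access is modelled as possession of the firmware's token.
        if caller_token is not self._token:
            raise PermissionError("only the firmware component may write the digest")
        self._value = value

    def read(self) -> Optional[str]:
        return self._value


class FirmwareComponent:
    """Runs before the BIOS gets control: measures the BIOS region (claim 14)."""

    def __init__(self):
        self.token = object()  # identity used as the write capability

    def measure_and_store(self, bios_region: bytes, register: DigestRegister) -> None:
        register.write(self.token, digest_of(bios_region))


@dataclass
class StateProfile:
    """Pre-recorded data for one pre-configured state, held in reserved memory."""
    expected_bios_digest: str
    expected_metrics: dict


@dataclass
class MonitoringComponent:
    """Monitors activation and the state afterwards; only it reads the profiles."""
    profiles: dict                       # state name -> StateProfile (reserved memory)
    activation_log: list = field(default_factory=list)

    def check_activation(self, state: str, register: DigestRegister) -> list:
        """Read the firmware's digest and compare it with the state's expected value."""
        profile = self.profiles.get(state)
        if profile is None:
            return [f"unknown state {state!r}"]
        measured = register.read()
        problems = []
        if measured is None:
            problems.append("no BIOS digest recorded before activation")
        elif measured != profile.expected_bios_digest:
            problems.append("BIOS digest mismatch")
        self.activation_log.append((state, measured))  # claim 6: record which state
        return problems

    def check_metrics(self, state: str, reported: dict) -> list:
        """Claim 17: compare live component metrics with the pre-recorded set."""
        expected = self.profiles[state].expected_metrics
        return [f"{name}: expected {exp!r}, got {reported.get(name)!r}"
                for name, exp in expected.items() if reported.get(name) != exp]


def activate(state: str, bios_region: bytes, reported_metrics: dict,
             monitor: MonitoringComponent) -> dict:
    """Whole procedure: measure, check activation, then check the running state."""
    firmware = FirmwareComponent()
    register = DigestRegister(firmware.token)
    firmware.measure_and_store(bios_region, register)  # immediately before activation
    problems = monitor.check_activation(state, register)
    if not problems:  # the BIOS only gets control once a matching digest is stored
        problems += monitor.check_metrics(state, reported_metrics)
    return {"state": state, "trusted": not problems, "problems": problems}


def build_monitor() -> MonitoringComponent:
    """Pre-record the expected digest and metrics for one constructed trusted state."""
    return MonitoringComponent(profiles={
        "trusted": StateProfile(digest_of(BIOS_IMAGE), dict(REPORTED_METRICS)),
    })


if __name__ == "__main__":
    mon = build_monitor()
    print(activate("trusted", BIOS_IMAGE, REPORTED_METRICS, mon))
    print(activate("trusted", BIOS_IMAGE[:-1] + b"!", REPORTED_METRICS, mon))
```

The model keeps the two checks separate on purpose: the BIOS digest decides whether the platform was activated from known firmware at all, while the metric comparison decides whether the configuration reached afterwards is the one recorded for the selected state, so a verdict lists which of the two failed.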

18. A method of operating a computing entity comprising a computer 
platform having a first data processing means and a first memory means, and a 
monitoring component having a second data processing means and a second 
memory means, such that said computer platform enters one of a plurality of 
possible pre-determined operating states, said method comprising the steps of: 

in response to an input from a user interface generating a said state signal, 
said state signal describing a selected state into which said computer platform is 
to be activated; 

activating said computer platform into a pre-determined state, in which a 
known set of physical and logical resources are available for use in said state and 
known processes can operate in said state; 

from said pre-determined state, entering a configuration menu for 
reconfiguration of said monitoring component; and 

modifying a configuration of said monitoring component by entering data via 
a user interface in accordance with an instruction set comprising said 
configuration menu. 

19. The method as claimed in claim 18, wherein said step of entering 
said monitoring component configuration menu comprises: 

entering a confirmation key signal directly into said monitoring component, 
said confirmation key signal generated in response to a physical activation of a 
confirmation key. 

20. The method as claimed in claim 18, wherein said step of entering 
said monitoring component configuration menu comprises entering a password to 
said trusted component via a user interface. 

21. A method of operation of a computing entity comprising a 
monitoring component having a first data processing means and a first memory 
means, and a computer platform having a second data processing means and a 
second memory means, said method comprising the steps of: 
entering a first state of said computer entity, wherein in said first state are 
available a plurality of pre-selected physical and logical resources; 

commencing a user session in said first state, in which user session 
a plurality of data inputs are received by said computer platform, said second 
data processing means performing data processing on said received data; 

reconfiguring said plurality of physical and logical resources according to 
instructions received in said session; 

generating a session data describing a configuration of said physical and 
logical resources; 

generating a plurality of user data resulting from processes operating 
within said session; 

storing said user data; 

storing session data; 

exiting said session; and 

exiting said computer platform from said state. 

22. The method as claimed in claim 21, further comprising the step of: 

reconfiguring said monitoring component during said user session in said 
first state. 

OPERATION OF TRUSTED STATE IN COMPUTING PLATFORM 

A computing entity comprises a trusted monitoring component having a first 
processing means and a first memory means, the trusted monitoring component 
being a self-contained autonomous data processing unit, and a computer 
platform having a main processing means and a main memory area, along with a 
plurality of associated physical and logical resources such as peripheral devices 
including printers, modems, application programs, operating systems and the 
like. The computer platform is capable of entering a plurality of different states of 
operation, each state of operation having a different level of security and 
trustworthiness. Selected ones of the states comprise trusted states in which a 
user can enter sensitive confidential information with a high degree of certainty 
that the computer platform has not been compromised by external influences 
such as viruses, hackers or hostile attacks. To enter a trusted state, reference is 
made automatically to the trusted component, and to exit a trusted state 
reference must be made to the trusted component. On exiting the trusted state, 
all references to the trusted state are deleted from the computer platform. On 
entering the trusted state, the state is entered in a reproducible and known 
manner, having a reproducible and known configuration which is confirmed by 
the trusted component. 
COMBINED DECLARATION AND POWER OF ATTORNEY 

(ORIGINAL, DESIGN, NATIONAL STAGE OF PCT, SUPPLEMENTAL, DIVISIONAL, CONTINUATION, OR CIP) 



As a below named inventor, I hereby declare that: 

TYPE OF DECLARATION 

This declaration is of the following type: (check one applicable item below) 
[ X ] original 
[ ] design 
[ ] supplemental 

NOTE: If the declaration is for an International Application being filed as a divisional, 
continuation or continuation-in-part application, do not check next item; check appropriate 
one of last three items. 

[ ] national stage of PCT 
NOTE: If one of the following 3 items apply, then complete and also attach ADDED PAGES FOR 
DIVISIONAL, CONTINUATION, OR CIP. 

[ ] divisional 

[ X ] continuation 

[ ] continuation-in-part (CIP) 

INVENTORSHIP IDENTIFICATION 

WARNING: If the inventors are each not the inventors of all the claims an explanation of 
the facts, including the ownership of all the claims at the time the last 
claimed invention was made, should be submitted. 

My residence, post office address and citizenship are as stated below next to my name. I 
believe I am the original, first and sole inventor (if only one name is listed below) or an 
original, first and joint inventor (if plural names are listed below) of the subject matter 
which is claimed and for which a patent is sought on the invention entitled: 

TITLE OF INVENTION 



"OPERATION OF TRUSTED STATE IN COMPUTING PLATFORM" 



SPECIFICATION IDENTIFICATION 

the specification of which: (complete (a), (b) or (c)) 
( a ) [ X ] is attached hereto. 

( b ) [ ] was filed on as [ ] Serial No. 0 / 

or [ ] Express Mail No., as Serial No. not yet known, 

and was amended on (if applicable). 

NOTE: Amendments filed after the original papers are deposited with the PTO which contain 
new matter are not accorded a filing date by being referred to in the declaration. 
Accordingly, the amendments involved are those filed with the application papers or, 
in the case of a supplemental declaration, are those amendments claiming matter not 
encompassed in the original statement of invention or claims. See 37 CFR 1.67. 

(c) [ X ] was described and claimed in PCT International Application No. PCT/GB00/03613 
filed on 19 September 2000 as amended under PCT Article 19 (1) 
on (if any). 
ACKNOWLEDGMENT OF REVIEW OF PAPERS AND DUTY OF CANDOR 

I hereby state that I have reviewed and understand the contents of the above identified 
specification, including the claims, as amended by any amendment referred to above. 

I acknowledge the duty to disclose information which is material to patentability as defined 
in Title 37, Code of Federal Regulations § 1.56. 

[ ] In compliance with this duty there is attached an information disclosure statement 
37 CFR 1.97. 

PRIORITY CLAIM 

I hereby claim foreign priority benefits under Title 35, United States Code, § 119 of any 
foreign application(s) for patent or inventor's certificate or of any PCT international 
application(s) designating at least one country other than the United States of America listed 
below and have also identified below any foreign applications(s) for patent or inventor's 
certificate or any PCT international application(s) designating at least one country other 
than the United States of America filed by me on the same subject matter having a filing date 
before that of the application(s) of which priority is claimed. 

(complete (d) or (e)) 

( d ) [ ] no such applications have been filed. 

(e) [ X ] such applications have been filed as follows. 

NOTE: Where item (c) is entered above and the International Application which designated 
the U.S. claimed priority check item (e), enter the details below and make the 
priority claim. 



EARLIEST FOREIGN APPLICATION(S), IF ANY, FILED WITHIN 12 MONTHS 
(6 MONTHS FOR DESIGN(S)) PRIOR TO THIS U.S. APPLICATION 

COUNTRY   APPLICATION NUMBER   DATE OF FILING (day, month, year)   PRIORITY CLAIMED UNDER 37 USC 119 
EP        99307380.8           17 September 1999                   [ X ] YES [ ] NO 

(The remaining four rows of this table are blank: [ ] YES [ ] NO.) 

ALL FOREIGN APPLICATION(S), IF ANY FILED MORE THAN 12 MONTHS 
(6 MONTHS FOR DESIGN(S)) PRIOR TO THIS U.S. APPLICATION 
POWER OF ATTORNEY 



As a named inventor, I hereby appoint the following attorney(s) and/or agent(s) to prosecute this 
application and transact all business in the Patent and Trademark Office connected therewith. (List 
name and registration number) 



Richard P. Berg, Reg. No. 28,145 
Mavis S. Gallenson, Reg. No. 32,464 
Kam C. Louie, Reg. No. 33,008 
Ross A. Schmitt, Reg. No. 42,529 



Victor Repkin, Reg. No. 45,039 
John Palmer, Reg. No. 36,885 
Peter D. Galloway, Reg. No. 27, 885 
William R. Evans, Reg. No. 25, 858 



(check the following item, if applicable) 

[ ] Attached as part of this declaration and power of attorney is the authorization of the 
above-named attorney(s) to accept and follow instructions from my representative(s). 



SEND CORRESPONDENCE TO: 

Richard P. Berg, Esq. 

c/o LADAS & PARRY 

5670 Wilshire Boulevard, Suite 2100 

Los Angeles, California 90036-5679 



DIRECT TELEPHONE CALLS TO: 
(Name and telephone number) 

Richard P. Berg 

(323) 934-2300 



DECLARATION 

I hereby declare that all statements made herein of my own knowledge are true and that all 
statements made on information and belief are believed to be true; and further that these 
statements were made with the knowledge that willful false statements and the like so made are 
punishable by fine or imprisonment, or both, under Section 1001 of Title 18 of the United States 
Code, and that such willful false statements may jeopardize the validity of the application or any 
patent issued thereon. 

SIGNATURE(S) 



Full name of sole or first inventor Graeme John PROUDLER 
Inventor's signature . . 



Date Country of Citizenship Great Britain 



Residence 5 Touchstone Avenue, Stoke Gifford, Bristol BS34 8XQ, Great Britain 
Post Office Address (same as residence) . 



Full name of second joint inventor, if any David CHAN 
Inventor's signature „ — 



Date Country of Citizenship U.S.A. 



Residence 16112 Mavs Avenue, Monte Sereno, California 95030 U.S.A. 

Post Office Address (same as residence) 
CHECK PROPER BOX(ES) FOR ANY OF THE FOLLOWING ADDED PAGES(S) 
WHICH FORM A PART OF THIS DECLARATION 

[ ] Signature for third and subsequent joint inventors. Number of pages added _ 

[ ] Signature by administrator(trix), executor(trix) or legal representative for deceased or 
incapacitated inventor. Number of pages added 

[ ] Signature for inventor who refuses to sign or cannot be reached by person authorized 
under 37 CFR 1.47. Number of pages added 

* * * 

[ X ] Added pages to combined declaration and power of attorney for divisional, continuation, 
or continuation-in-part (CIP) application. 
Number of pages added ±. 

[ ] Authorization of attorney(s) to accept and follow instructions from representative. 



If no further pages form a part of this Declaration then end this Declaration with 
this page and check the following item. 

[ ] This declaration ends with this page. 
ADDED PAGE TO COMBINED DECLARATION AND POWER OF ATTORNEY 
FOR DIVISIONAL, CONTINUATION, OR CIP APPLICATION 

(Complete this part only if this is a divisional, continuation, or CIP application) 



CLAIM FOR BENEFIT OF EARLIER U.S./PCT APPLICATION(S) UNDER 35 U.S.C. 120 

I hereby claim the benefit under Title 35, United States Code, § 120 of any United States 
application(s) or PCT international application(s) designating the United States of America that 
is/are listed below and, insofar as the subject matter of each of the claims of this application is not 
disclosed in that/those prior application(s) in the manner provided by the first paragraph of Title 
35, United States Code, § 112, I acknowledge the duty to disclose material information as defined 
in Title 37, Code of Federal Regulations, § 1.56 which occurred between the filing date of the prior 
application(s) and the national or PCT international filing date of this application. 



PRIOR U.S. APPLICATIONS OR PCT INTERNATIONAL APPLICATIONS 
DESIGNATING THE U.S. FOR BENEFIT UNDER 35 USC 120: 

U.S. APPLICATIONS   U.S. FILING DATE   STATUS (Check one): Patented / Pending / Abandoned 
1. 0 /              (blank)            (blank) 
2. 0 /              (blank)            (blank) 
3. 0 /              (blank)            (blank) 

PCT APPLICATION NO.   PCT FILING DATE      U.S. SERIAL NOS. ASSIGNED (if any)   STATUS (Check one): Patented / Pending / Abandoned 
4. PCT/GB00/03613     19 September 2000*   (blank)                              X (the footnote below describes this PCT application as co-pending) 
5. (blank)            (blank)              (blank)                              (blank) 
6. (blank)            (blank)              (blank)                              (blank) 

*This application is being filed as a continuation of co-pending PCT 
International Patent Application No. PCT/GB00/03613 (filed on 19 
September 2000), which PCT application claims priority to EP Application 
No. 99307380.8 (filed on 17 September 1999). 



(Added Page to Combined Declaration and Power of Attorney for Divisional, Continuation, or CIP 
Application) 



